last executing test programs: 13m4.469659418s ago: executing program 4 (id=2110): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f00000001c0)={0x1, 0xffffffffffffffff, 0x1}) 13m4.267514601s ago: executing program 4 (id=2113): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_mr_cache\x00') pread64(r0, &(0x7f000001a240)=""/102394, 0x18ffa, 0x100008) pread64(r0, &(0x7f0000000040)=""/103, 0x67, 0x1) 13m4.120780085s ago: executing program 4 (id=2117): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f00000010c0)=0x1, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1001, 0x40003a, 0x6, 0x0, 0x40004, 0xffffffff, 0xfffffffd}, 0x1c) 13m4.005503174s ago: executing program 4 (id=2118): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000001e0001ffffff00", @ANYRES16=0x0], 0x28}}, 0x8000) recvfrom(r0, &(0x7f00000008c0)=""/4096, 0x1000, 0x2000, 0x0, 0x0) 13m3.796024073s ago: executing program 4 (id=2122): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) statx(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x6000, &(0x7f0000000240)) 13m3.655950657s ago: executing program 4 (id=2126): openat$smackfs_netlabel(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x89f1, &(0x7f0000000040)={'ip6_vti0\x00', @random='\a\x00\x00 \x00'}) 12m48.512233988s ago: executing program 32 (id=2126): openat$smackfs_netlabel(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x89f1, &(0x7f0000000040)={'ip6_vti0\x00', @random='\a\x00\x00 \x00'}) 9m46.656009163s ago: executing program 0 (id=5030): syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00') ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0x541b, 0x0) 9m46.521845451s ago: executing program 0 (id=5031): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) 9m46.450263893s ago: executing program 0 (id=5032): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)={0x6c, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x2, @remote}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}]}]}, 0x6c}}, 0x0) 9m46.305813203s ago: executing program 0 (id=5034): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000000)={0x3c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_DEVKEY={0x1c, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x4}]}]}, 0x3c}}, 0x0) 9m46.211661912s ago: executing program 0 (id=5036): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x10) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) 9m46.063307076s ago: executing program 0 (id=5039): r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f0000000180)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24) bind$rxrpc(r0, &(0x7f0000000180)=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e22, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x5}}, 0x24) 9m30.833663591s ago: executing program 33 (id=5039): r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f0000000180)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24) bind$rxrpc(r0, &(0x7f0000000180)=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e22, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x5}}, 0x24) 3.750633073s ago: executing program 5 (id=13615): io_setup(0x8, &(0x7f0000000000)=0x0) io_setup(0xc, &(0x7f0000000180)) io_destroy(r0) io_setup(0x400, &(0x7f0000000380)) 3.594538978s ago: executing program 6 (id=13619): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) r1 = dup(r0) ioctl$PTP_EXTTS_REQUEST2(r1, 0x40603d10, &(0x7f0000000040)) 3.477723495s ago: executing program 6 (id=13621): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) setsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000001cc0), 0x4) 3.321274993s ago: executing program 5 (id=13624): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xb0, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x80, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x10000}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x1}, @TCA_TAPRIO_ATTR_SCHED_BASE_TIME={0xc, 0x3, 0x280000000000000}]}}]}, 0xb0}}, 0x0) 3.10333221s ago: executing program 5 (id=13627): r0 = socket$kcm(0x1e, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f00000014c0)={&(0x7f0000001540)=@tipc=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x80, 0x0}, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x2f, &(0x7f00000000c0)=[{&(0x7f0000000080)="ff", 0x45}], 0x1, &(0x7f00000015c0)=ANY=[], 0x11f0}, 0x0) recvmmsg(r0, &(0x7f0000003f80)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000180)=""/54, 0x36}], 0x1, &(0x7f0000000740)=""/3, 0x3}, 0x7}], 0x1, 0x20, 0x0) 2.215224597s ago: executing program 6 (id=13639): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x110) r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) sendfile(r1, r0, 0x0, 0x3a) 2.14026405s ago: executing program 5 (id=13641): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6) recvmmsg(r0, &(0x7f0000000580)=[{{&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000100)=""/230, 0xe6}, {&(0x7f0000000240)=""/200, 0xc8}, {&(0x7f0000000340)=""/175, 0xaf}, {&(0x7f0000000400)=""/53, 0x35}, {&(0x7f0000000440)=""/119, 0x77}], 0x5, &(0x7f0000000540)=""/55, 0x37}}], 0x400000000000222, 0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x40020042, 0x0, 0x0) 1.937698318s ago: executing program 5 (id=13645): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000000)={0x0, 0x30, 0xc, "00004700000040f400bec073"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000340)={0x34, &(0x7f0000000380)={0x40, 0x8, 0x28, "417e2da655025aad15628c9a662319731f913034872e44009b95c69a88ef239a9423dc3f50ea3946"}, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.918106033s ago: executing program 6 (id=13647): mkdir(&(0x7f00000022c0)='./file0\x00', 0x0) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB='/'], 0x2) mount$fuse(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x8afa89, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x24000, 0x0) 1.842335468s ago: executing program 6 (id=13648): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r0 = io_uring_setup(0x1694, &(0x7f0000000000)={0x0, 0x0, 0x80, 0x1, 0x17b}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x3000) 1.718480885s ago: executing program 2 (id=13650): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f00000003c0)="93e24a327200"/17, 0x11}, {&(0x7f0000000440)="bcc9b1590200de9e5de63a46ef5d84ff3ca4f7cfd6c5bd0380b5408b61548ab173f26bd12d5f6a4606c67a52f258e7", 0x2f}], 0x2}, 0x200c040) 1.505971962s ago: executing program 2 (id=13654): io_setup(0x222, &(0x7f0000000180)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000044402, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r1, 0x0) io_submit(r0, 0x2, &(0x7f0000000140)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0xffff, r1, &(0x7f0000000080)="8e18", 0x2, 0x6ed}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0x3, r1, 0x0}]) 1.270011306s ago: executing program 2 (id=13656): r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10}, 0x24) sendmmsg(r0, &(0x7f0000006000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmsg(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/21, 0x15}, 0x0) 1.051785712s ago: executing program 3 (id=13659): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x3, 0x10004, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) 1.036579604s ago: executing program 2 (id=13660): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000800)={'hsr0\x00', 0x0}) r2 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r2, 0x0, 0x0, 0x40000, &(0x7f00000001c0)={0x11, 0x1, r1, 0x1, 0x70, 0x6, @local}, 0x14) 1.024316388s ago: executing program 1 (id=13661): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000080)={0x34, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x18, 0x11d, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xda}]}]}]}, 0x34}}, 0x0) 870.173965ms ago: executing program 3 (id=13662): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4) syz_emit_ethernet(0xfdef, &(0x7f0000000040)=ANY=[], 0x0) 785.7768ms ago: executing program 2 (id=13663): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x80000) sendmsg$inet6(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000440)="a60ee4ccca4f2583390f2c2dc8a78508a38eed8161c1ee045766f0", 0x1b}, {&(0x7f0000000000)="22f4316f4e090f1fd8298efb1d2e4073d0babc0950", 0x15}], 0x2}, 0x40) 737.391453ms ago: executing program 1 (id=13664): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast2={0xff, 0x5}, 0x200, 0x0, 0xff, 0x3}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00') pread64(r1, &(0x7f0000001600)=""/4103, 0x1007, 0x4b) 625.254447ms ago: executing program 3 (id=13665): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x18, &(0x7f00000002c0)=@raw=[@exit, @cb_func={0x18, 0x0, 0x4, 0x0, 0xfffffffffffffffc}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1400}}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @tail_call, @cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffe}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x401}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x4b) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8946, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'}) 462.216075ms ago: executing program 3 (id=13666): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000080)={0x14, 0x2c, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) 461.59363ms ago: executing program 1 (id=13667): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000001c000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="4000a2000a000200ffffffffffff000008000f00da"], 0x34}}, 0x0) 381.012986ms ago: executing program 2 (id=13668): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r1, r0, &(0x7f00000000c0)=0x58, 0x9) writev(r1, &(0x7f0000000200)=[{&(0x7f00000001c0)="e7", 0xfffffdd6}], 0x1) 297.273894ms ago: executing program 3 (id=13669): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000000b1000040"]) 241.799493ms ago: executing program 1 (id=13670): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xc240, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') 205.9287ms ago: executing program 1 (id=13671): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) close(r0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0xb, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0x18, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000025000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000af000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 157.759886ms ago: executing program 3 (id=13672): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x9) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) clock_gettime(0xffffffc4, 0x0) 97.766347ms ago: executing program 1 (id=13673): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)) 97.594936ms ago: executing program 6 (id=13674): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000240)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) setregid(0xee00, 0x0) 0s ago: executing program 5 (id=13675): syz_open_procfs$userns(0x0, &(0x7f00000000c0)) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, 0x0, &(0x7f00000000c0)) kernel console output (not intermixed with test programs): 23][ T5925] usb 2-1: SerialNumber: syz [ 859.899261][T30222] netlink: 'syz.3.11028': attribute type 1 has an invalid length. [ 860.169383][ T5925] usb 2-1: dvb_usb_v2: found a 'Hauppauge 117xxx ATSC+' in warm state [ 860.207765][ T5925] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 860.219177][ T5925] dvbdev: DVB: registering new adapter (Hauppauge 117xxx ATSC+) [ 860.226992][ T5925] usb 2-1: media controller created [ 860.237344][ T5834] usb 4-1: new high-speed USB device number 104 using dummy_hcd [ 860.246806][ T5925] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 860.346051][ T5925] usb 2-1: selecting invalid altsetting 1 [ 860.352538][ T5925] set interface failed [ 860.353093][ T5925] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 860.376870][ T5925] error writing reg: 0xff, val: 0x00 [ 860.484628][ T5925] dvb_usb_mxl111sf 2-1:2.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 860.527891][ T5925] usb 2-1: USB disconnect, device number 94 [ 860.578843][ T5834] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 860.611892][ T5834] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 860.632600][ T5834] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 860.663163][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 860.715362][ T5834] usb 4-1: config 0 descriptor?? [ 860.940705][T30251] input: syz1 as /devices/virtual/input/input159 [ 861.155617][ T5834] isku 0003:1E7D:319C.00FC: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.3-1/input0 [ 861.187315][T29175] usb 3-1: new full-speed USB device number 107 using dummy_hcd [ 861.340279][T29175] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 861.352673][T29175] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 861.363754][T29175] usb 3-1: config 0 descriptor?? [ 861.436715][T30266] Cannot find add_set index 0 as target [ 861.605594][ T5834] usb 4-1: USB disconnect, device number 104 [ 861.803186][T29175] [drm:udl_init] *ERROR* Selecting channel failed [ 861.824605][T29175] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2 [ 861.831602][T29175] [drm] Initialized udl on minor 2 [ 861.837897][T29175] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 861.846221][T29175] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 861.863376][ T121] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 861.873115][T29175] usb 3-1: USB disconnect, device number 107 [ 861.880586][ T121] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 862.331053][ T5925] usb 6-1: new high-speed USB device number 78 using dummy_hcd [ 862.418451][T30295] infiniband syz2: set down [ 862.424578][T30295] infiniband syz2: added syzkaller0 [ 862.485150][T30295] RDS/IB: syz2: added [ 862.497636][ T5925] usb 6-1: Using ep0 maxpacket: 16 [ 862.502719][T30295] smc: adding ib device syz2 with port count 1 [ 862.505009][ T5925] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 862.517773][T30295] smc: ib device syz2 port 1 has pnetid [ 862.522034][ T5925] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 862.539687][ T5925] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 862.553623][ T5925] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 862.563785][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 862.577601][ T5925] usb 6-1: Product: syz [ 862.581958][ T5925] usb 6-1: Manufacturer: syz [ 862.587713][ T5925] usb 6-1: SerialNumber: syz [ 862.724243][T30307] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11066'. [ 863.006201][ T5925] usb 6-1: 0:2 : does not exist [ 863.141504][T30312] Process accounting resumed [ 863.159872][T30312] kernel write not supported for file /asound/timers (pid: 30312 comm: syz.2.11068) [ 863.417331][ T5925] usb 6-1: 1:0: cannot get min/max values for control 4 (id 1) [ 863.444402][ T5925] usb 6-1: USB disconnect, device number 78 [ 863.473973][T30316] macvlan1: entered promiscuous mode [ 863.486825][T30316] bridge0: entered promiscuous mode [ 863.503603][T30316] bridge0: port 1(macvlan1) entered blocking state [ 863.510572][T30316] bridge0: port 1(macvlan1) entered disabled state [ 863.555414][ T83] smc: removing ib device syz2 [ 863.587856][T30316] macvlan1: entered allmulticast mode [ 863.613833][T30316] bridge0: entered allmulticast mode [ 863.654577][T30316] macvlan1: left allmulticast mode [ 863.676682][T30316] bridge0: left allmulticast mode [ 863.722817][T30316] bridge0: left promiscuous mode [ 864.402398][T30338] vlan0: vlans aren't supported yet for dev_uc|mc_add() [ 865.696306][T30380] netlink: 8 bytes leftover after parsing attributes in process `syz.6.11099'. [ 866.020966][T30396] netlink: 'syz.5.11106': attribute type 11 has an invalid length. [ 866.042395][T30396] netlink: 36 bytes leftover after parsing attributes in process `syz.5.11106'. [ 867.104612][T30438] netlink: 208 bytes leftover after parsing attributes in process `syz.3.11124'. [ 867.115041][T30438] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11124'. [ 867.607341][T29175] usb 4-1: new high-speed USB device number 105 using dummy_hcd [ 867.757335][T29175] usb 4-1: Using ep0 maxpacket: 16 [ 867.782793][T29175] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 867.810714][T29175] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 867.855068][T29175] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 867.871284][T29175] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 867.881333][T29175] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 867.901024][T29175] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 867.921031][T29175] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 867.930568][T29175] usb 4-1: Manufacturer: syz [ 867.940886][T29175] usb 4-1: config 0 descriptor?? [ 868.079953][T30459] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 868.088956][T30459] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 868.097576][T30459] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 868.106226][T30459] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 868.257501][ T5130] Bluetooth: hci1: command 0x0419 tx timeout [ 868.269441][T30465] program syz.5.11138 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 868.287723][T29175] rc_core: IR keymap rc-hauppauge not found [ 868.294403][T30467] netlink: 428 bytes leftover after parsing attributes in process `syz.1.11135'. [ 868.304174][T29175] Registered IR keymap rc-empty [ 868.309420][T29175] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 868.367409][T29175] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 868.370780][T30467] netlink: 32 bytes leftover after parsing attributes in process `syz.1.11135'. [ 868.387733][T29175] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 868.417773][T29175] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input160 [ 868.439559][T29175] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 868.487430][T29175] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 868.517429][T29175] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 868.538034][T29175] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 868.557529][T29175] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 868.600314][T30468] sctp: [Deprecated]: syz.2.11137 (pid 30468) Use of int in max_burst socket option. [ 868.600314][T30468] Use struct sctp_assoc_value instead [ 868.600858][T29175] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 868.662597][T29175] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 868.697492][T29175] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 868.717299][T29175] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 868.737271][T29175] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 868.757308][T29175] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 868.778258][T29175] mceusb 4-1:0.0: Registered р with mce emulator interface version 1 [ 868.786775][T29175] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 868.836900][T29175] usb 4-1: USB disconnect, device number 105 [ 869.337491][ T25] usb 6-1: new high-speed USB device number 79 using dummy_hcd [ 869.499213][ T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 869.512910][ T25] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 869.538445][ T25] usb 6-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00 [ 869.558164][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 869.592389][ T25] usb 6-1: config 0 descriptor?? [ 869.807358][ T121] usb 2-1: new full-speed USB device number 95 using dummy_hcd [ 870.129062][ T25] ortek 0003:1223:3F07.00FD: unknown main item tag 0x6 [ 870.142604][ T25] ortek 0003:1223:3F07.00FD: bogus close delimiter [ 870.166187][ T25] ortek 0003:1223:3F07.00FD: item 0 0 2 10 parsing failed [ 870.166216][ T121] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 870.182862][ T121] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 870.184660][ T25] ortek 0003:1223:3F07.00FD: probe with driver ortek failed with error -22 [ 870.193286][ T121] usb 2-1: config 0 descriptor?? [ 870.228074][T30513] netlink: 'syz.3.11157': attribute type 21 has an invalid length. [ 870.236287][T30513] netlink: 156 bytes leftover after parsing attributes in process `syz.3.11157'. [ 870.257850][T30513] netlink: 'syz.3.11157': attribute type 21 has an invalid length. [ 870.266168][T30513] netlink: 156 bytes leftover after parsing attributes in process `syz.3.11157'. [ 870.361956][ T25] usb 6-1: USB disconnect, device number 79 [ 870.649152][ T121] [drm:udl_init] *ERROR* Selecting channel failed [ 870.679314][ T121] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 870.695336][ T121] [drm] Initialized udl on minor 2 [ 870.717274][ T121] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 870.742306][ T121] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 870.761898][ T5834] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 870.781372][ T121] usb 2-1: USB disconnect, device number 95 [ 870.787715][ T5834] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 872.208048][T30580] netlink: 60 bytes leftover after parsing attributes in process `syz.5.11188'. [ 872.232620][T30579] netlink: 60 bytes leftover after parsing attributes in process `syz.5.11188'. [ 872.444760][T30591] netlink: 56 bytes leftover after parsing attributes in process `syz.3.11193'. [ 872.606699][T30600] netlink: 24 bytes leftover after parsing attributes in process `syz.6.11196'. [ 873.123707][ T29] audit: type=1326 audit(2000000471.530:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30617 comm="syz.6.11206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 873.163706][ T29] audit: type=1326 audit(2000000471.530:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30617 comm="syz.6.11206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 873.233063][ T29] audit: type=1326 audit(2000000471.530:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30617 comm="syz.6.11206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 873.299674][ T29] audit: type=1326 audit(2000000471.530:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30617 comm="syz.6.11206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 873.365774][ T29] audit: type=1326 audit(2000000471.530:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30617 comm="syz.6.11206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 873.408437][T30626] netlink: 8 bytes leftover after parsing attributes in process `syz.6.11209'. [ 873.420117][ T29] audit: type=1326 audit(2000000471.570:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30617 comm="syz.6.11206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 873.432239][T30626] netlink: 8 bytes leftover after parsing attributes in process `syz.6.11209'. [ 873.491427][ T29] audit: type=1326 audit(2000000471.570:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30617 comm="syz.6.11206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 873.557380][ T29] audit: type=1326 audit(2000000471.570:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30617 comm="syz.6.11206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 873.631059][ T29] audit: type=1326 audit(2000000471.630:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30617 comm="syz.6.11206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 874.188117][ T121] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 874.497628][ T25] usb 3-1: new high-speed USB device number 108 using dummy_hcd [ 874.537275][ T121] usb 2-1: Using ep0 maxpacket: 8 [ 874.667539][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 874.675347][ T25] usb 3-1: config 0 interface 0 has no altsetting 0 [ 874.680403][ T121] usb 2-1: unable to get BOS descriptor or descriptor too short [ 874.692612][ T121] usb 2-1: config 4 interface 0 has no altsetting 0 [ 874.692948][ T25] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 874.719733][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 874.738695][ T25] usb 3-1: Product: syz [ 874.740405][ T121] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 874.747100][ T25] usb 3-1: Manufacturer: syz [ 874.755619][ T121] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 874.771812][ T25] usb 3-1: SerialNumber: syz [ 874.778954][ T25] usb 3-1: config 0 descriptor?? [ 874.781050][ T121] usb 2-1: Product: syz [ 874.797386][ T121] usb 2-1: Manufacturer: syz [ 874.804455][ T121] usb 2-1: SerialNumber: syz [ 875.229772][ T25] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 875.270247][ T121] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 875.280054][ T121] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 875.298816][ T121] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 875.316145][ T121] usb 2-1: media controller created [ 875.360730][ T121] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 875.478328][ T121] usb 2-1: DVB: registering adapter 1 frontend 0 (Zarlink ZL10353 DVB-T)... [ 875.493859][ T121] dvbdev: dvb_create_media_entity: media entity 'Zarlink ZL10353 DVB-T' registered. [ 875.595607][ T121] DVB: Unable to find symbol qt1010_attach() [ 875.631676][ T25] gs_usb 3-1:0.0: Disabling termination support for channel 0 (-EPROTO) [ 875.660749][ T25] usb 3-1: USB disconnect, device number 108 [ 875.771509][ T121] usb 2-1: USB disconnect, device number 96 [ 876.537334][ T5834] usb 3-1: new high-speed USB device number 109 using dummy_hcd [ 876.697183][ T5834] usb 3-1: Using ep0 maxpacket: 32 [ 876.709201][ T5834] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 876.744995][ T5834] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 876.765509][ T5834] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 876.783751][ T5834] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 876.803597][ T5834] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 876.819461][ T5834] usb 3-1: config 0 descriptor?? [ 876.845842][T30706] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 876.892369][ T5834] hub 3-1:0.0: USB hub found [ 876.938816][T30724] netlink: 12 bytes leftover after parsing attributes in process `syz.5.11251'. [ 877.083668][ T5834] hub 3-1:0.0: config failed, hub has too many ports! (err -19) [ 877.197278][ T5925] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 877.295989][ T5834] usbhid 3-1:0.0: can't add hid device: -71 [ 877.304176][ T5834] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 877.339658][ T5834] usb 3-1: USB disconnect, device number 109 [ 877.351148][ T5925] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 877.360625][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 877.377575][ T5925] usb 2-1: Product: syz [ 877.381813][ T5925] usb 2-1: Manufacturer: syz [ 877.386450][ T5925] usb 2-1: SerialNumber: syz [ 877.411908][ T5925] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 877.437547][ T25] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 878.239932][T30744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 878.278532][T30744] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 878.416301][T30758] netlink: 35 bytes leftover after parsing attributes in process `syz.3.11265'. [ 878.497434][ T25] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 878.538334][ T25] ath9k_htc: Failed to initialize the device [ 878.598031][ T25] usb 2-1: ath9k_htc: USB layer deinitialized [ 878.628303][T30761] netlink: 40 bytes leftover after parsing attributes in process `syz.3.11266'. [ 878.638221][T29175] usb 2-1: USB disconnect, device number 97 [ 878.887565][ T25] usb 6-1: new high-speed USB device number 80 using dummy_hcd [ 879.051178][ T25] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 879.063843][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 879.084623][ T25] usb 6-1: config 0 descriptor?? [ 879.098471][ T25] cp210x 6-1:0.0: cp210x converter detected [ 879.506420][ T25] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 879.523903][ T25] usb 6-1: cp210x converter now attached to ttyUSB0 [ 879.755715][ T5834] usb 6-1: USB disconnect, device number 80 [ 879.798782][ T5834] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 879.828441][ T5834] cp210x 6-1:0.0: device disconnected [ 880.596199][T30815] VFS: could not find a valid V7 on nullb0. [ 880.649971][T30815] XFS (nullb0): Invalid superblock magic number [ 881.097566][ T25] usb 3-1: new high-speed USB device number 110 using dummy_hcd [ 881.247424][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 881.255180][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 881.272273][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 881.282791][ T25] usb 3-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.00 [ 881.293313][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 881.305212][ T25] usb 3-1: config 0 descriptor?? [ 881.733606][ T25] logitech 0003:046D:CA03.00FE: item fetching failed at offset 0/5 [ 881.743290][ T25] logitech 0003:046D:CA03.00FE: parse failed [ 881.749744][ T25] logitech 0003:046D:CA03.00FE: probe with driver logitech failed with error -22 [ 881.938257][ T25] usb 3-1: USB disconnect, device number 110 [ 882.020448][T30866] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 882.205613][T30876] netlink: 4 bytes leftover after parsing attributes in process `syz.5.11313'. [ 882.799762][T30894] bpf: Bad value for 'uid' [ 883.513167][T30921] io-wq is not configured for unbound workers [ 884.855022][T30963] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 30963 comm: syz.1.11352) [ 884.962129][ T29] audit: type=1800 audit(2000000483.340:674): pid=30963 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.11352" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=109747 res=0 errno=0 [ 885.519895][T30997] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11369'. [ 885.527333][ T5834] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 885.606458][T31002] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11371'. [ 885.710554][ T5834] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 885.725708][ T5834] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 885.738158][ T5834] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 885.748156][ T5834] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 885.760265][ T5834] usb 2-1: config 0 descriptor?? [ 885.979135][T31017] netlink: 'syz.2.11377': attribute type 1 has an invalid length. [ 886.181641][ T5834] cp2112 0003:10C4:EA90.00FF: unknown main item tag 0x0 [ 886.191347][ T5834] cp2112 0003:10C4:EA90.00FF: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 886.414806][ T5834] cp2112 0003:10C4:EA90.00FF: Part Number: 0x82 Device Version: 0xFE [ 886.460916][ T29] audit: type=1326 audit(2000000484.870:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31020 comm="syz.3.11380" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x0 [ 886.625306][ T5834] cp2112 0003:10C4:EA90.00FF: error requesting SMBus config [ 886.643981][ T5834] cp2112 0003:10C4:EA90.00FF: probe with driver cp2112 failed with error -71 [ 886.676555][ T5834] usb 2-1: USB disconnect, device number 98 [ 886.850171][T31048] netem: incorrect ge model size [ 886.856115][T31048] netem: change failed [ 887.369524][T31062] 8021q: adding VLAN 0 to HW filter on device bond2 [ 887.392095][T31062] bond0: (slave bond2): Enslaving as an active interface with an up link [ 887.527737][ T5834] kernel write not supported for file /5140/net/fib_triestat (pid: 5834 comm: kworker/0:3) [ 888.218993][T31093] bond1: entered promiscuous mode [ 888.233570][T31093] bond1: entered allmulticast mode [ 888.239878][T31093] 8021q: adding VLAN 0 to HW filter on device bond1 [ 889.301813][ T29] audit: type=1107 audit(2000000487.710:676): pid=31135 uid=0 auid=4 ses=2 subj=_ msg='' [ 889.316521][T31093] bond1 (unregistering): Released all slaves [ 889.677743][ T29] audit: type=1400 audit(2000000488.080:677): lsm=SMACK fn=smack_key_permission action=denied subject="w" object="_" requested=w pid=31155 comm="syz.5.11440" key_serial=274372247 key_desc="_uid_ses.0" [ 890.187572][ T5925] usb 6-1: new high-speed USB device number 81 using dummy_hcd [ 890.378738][ T5925] usb 6-1: Using ep0 maxpacket: 16 [ 890.386082][ T5925] usb 6-1: config 0 has an invalid interface number: 8 but max is 0 [ 890.394693][ T5925] usb 6-1: config 0 has no interface number 0 [ 890.414800][ T5925] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 890.453096][ T5925] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 890.521454][ T5925] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 890.530897][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 890.539918][ T5925] usb 6-1: Product: syz [ 890.544127][ T5925] usb 6-1: SerialNumber: syz [ 890.578777][ T5925] usb 6-1: config 0 descriptor?? [ 890.599306][ T5925] cm109 6-1:0.8: invalid payload size 0, expected 4 [ 890.607785][ T5925] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.8/input/input161 [ 890.915195][ C1] cm109 6-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 891.168244][ C0] cm109_urb_ctl_callback: 60 callbacks suppressed [ 891.168272][ C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 891.172366][ T5925] usb 6-1: USB disconnect, device number 81 [ 891.174774][ C0] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 891.244132][ T5925] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 891.515842][T31224] netlink: 'syz.1.11467': attribute type 6 has an invalid length. [ 892.062296][T31239] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 892.069319][T31239] pim6reg0: linktype set to 804 [ 892.297721][T29175] usb 6-1: new high-speed USB device number 82 using dummy_hcd [ 892.389263][T31258] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11483'. [ 892.401841][T31258] netlink: 104 bytes leftover after parsing attributes in process `syz.2.11483'. [ 892.415265][T31259] netlink: 'syz.3.11482': attribute type 1 has an invalid length. [ 892.427272][T31259] netlink: 'syz.3.11482': attribute type 4 has an invalid length. [ 892.445191][T31259] netlink: 212 bytes leftover after parsing attributes in process `syz.3.11482'. [ 892.799131][T31276] input: syz0 as /devices/virtual/input/input162 [ 892.972171][ T29] audit: type=1326 audit(2000000491.380:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31281 comm="syz.3.11494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 893.015896][ T29] audit: type=1326 audit(2000000491.380:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31281 comm="syz.3.11494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 893.037580][ C1] vkms_vblank_simulate: vblank timer overrun [ 893.053360][ T29] audit: type=1326 audit(2000000491.380:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31281 comm="syz.3.11494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 893.112568][ T29] audit: type=1326 audit(2000000491.380:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31281 comm="syz.3.11494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 893.157227][ T29] audit: type=1326 audit(2000000491.380:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31281 comm="syz.3.11494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 893.207002][ T29] audit: type=1326 audit(2000000491.380:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31281 comm="syz.3.11494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 893.247322][ T29] audit: type=1326 audit(2000000491.380:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31281 comm="syz.3.11494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 893.290192][ T29] audit: type=1326 audit(2000000491.380:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31281 comm="syz.3.11494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 893.319063][ T29] audit: type=1326 audit(2000000491.380:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31281 comm="syz.3.11494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=234 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 893.381786][ T29] audit: type=1326 audit(2000000491.380:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31281 comm="syz.3.11494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 893.804110][T31305] netlink: 'syz.5.11504': attribute type 19 has an invalid length. [ 894.207172][ T25] usb 6-1: new full-speed USB device number 83 using dummy_hcd [ 894.221077][ T5925] hid-generic 0000:0000:0000.0100: unknown main item tag 0x0 [ 894.241637][ T5925] hid-generic 0000:0000:0000.0100: hidraw0: HID v0.00 Device [syz1] on syz0 [ 894.358901][ T25] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 894.369459][ T25] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 894.389248][ T25] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 894.398804][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 894.406889][ T25] usb 6-1: Product: syz [ 894.422140][ T25] usb 6-1: Manufacturer: syz [ 894.427099][ T25] usb 6-1: SerialNumber: syz [ 894.700349][ T25] usb 6-1: 0:2 : does not exist [ 894.709951][ T25] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 894.736871][ T25] usb 6-1: USB disconnect, device number 83 [ 895.719947][T31373] netlink: 12 bytes leftover after parsing attributes in process `syz.5.11532'. [ 895.730158][T31373] netlink: 36 bytes leftover after parsing attributes in process `syz.5.11532'. [ 895.744495][T31373] bridge0: port 2(vlan1) entered blocking state [ 895.751588][T31373] bridge0: port 2(vlan1) entered disabled state [ 895.760376][T31373] vlan1: entered allmulticast mode [ 895.770601][T31373] vlan1: left allmulticast mode [ 897.067174][ T121] usb 3-1: new high-speed USB device number 111 using dummy_hcd [ 897.157357][T29175] usb 4-1: new high-speed USB device number 106 using dummy_hcd [ 897.157845][ T5877] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 897.217258][ T121] usb 3-1: Using ep0 maxpacket: 16 [ 897.229705][ T121] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 897.253698][ T121] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 897.270050][ T121] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 897.290765][ T121] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 897.305697][ T121] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 897.317397][ T121] usb 3-1: config 0 descriptor?? [ 897.329129][T29175] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 897.340584][T29175] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 897.350401][ T5877] usb 2-1: Using ep0 maxpacket: 8 [ 897.356279][T29175] usb 4-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00 [ 897.365849][T29175] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 897.368875][ T5877] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 897.377000][T29175] usb 4-1: config 0 descriptor?? [ 897.390632][ T5877] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 897.401668][ T5877] usb 2-1: New USB device found, idVendor=28bd, idProduct=0075, bcdDevice= 0.00 [ 897.432370][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 897.595777][T31450] program syz.6.11569 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 897.742270][ T121] microsoft 0003:045E:07DA.0101: unknown main item tag 0x0 [ 897.771566][ T121] microsoft 0003:045E:07DA.0101: unknown main item tag 0x0 [ 897.787328][ T121] microsoft 0003:045E:07DA.0101: unknown main item tag 0x0 [ 897.794698][ T121] microsoft 0003:045E:07DA.0101: unknown main item tag 0x0 [ 897.821554][ T121] microsoft 0003:045E:07DA.0101: unknown main item tag 0x0 [ 897.835204][T29175] uclogic 0003:5543:0042.0102: unbalanced collection at end of report description [ 897.844909][ T121] microsoft 0003:045E:07DA.0101: unknown main item tag 0x0 [ 897.867923][ T121] microsoft 0003:045E:07DA.0101: unknown main item tag 0x0 [ 897.882526][T29175] uclogic 0003:5543:0042.0102: parse failed [ 897.887963][ T5877] uclogic 0003:28BD:0075.0103: interface is invalid, ignoring [ 897.901591][T29175] uclogic 0003:5543:0042.0102: probe with driver uclogic failed with error -22 [ 897.925386][ T121] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0101/input/input163 [ 897.952633][ T121] microsoft 0003:045E:07DA.0101: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 897.972971][ T121] usb 3-1: USB disconnect, device number 111 [ 898.063081][T31462] netlink: 'syz.5.11575': attribute type 49 has an invalid length. [ 898.071505][ T5877] usb 4-1: USB disconnect, device number 106 [ 898.182436][ T5925] usb 2-1: USB disconnect, device number 99 [ 898.345307][T31471] tun0: tun_chr_ioctl cmd 1074025677 [ 898.351248][T31471] tun0: linktype set to 512 [ 901.057434][ T5875] usb 4-1: new high-speed USB device number 107 using dummy_hcd [ 901.217467][ T5875] usb 4-1: Using ep0 maxpacket: 16 [ 901.233872][ T5875] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 901.247419][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 901.271221][ T5875] usb 4-1: Product: syz [ 901.275470][ T5875] usb 4-1: Manufacturer: syz [ 901.281758][T31583] netem: incorrect ge model size [ 901.290607][ T5875] usb 4-1: SerialNumber: syz [ 901.302795][ T5875] usb 4-1: config 0 descriptor?? [ 901.310936][T31583] netem: change failed [ 901.447402][T31589] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11631'. [ 901.508692][T31593] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11633'. [ 901.541220][ T121] usb 4-1: USB disconnect, device number 107 [ 902.030142][T31619] sp0: Synchronizing with TNC [ 902.112452][T31623] sp0: Synchronizing with TNC [ 902.161897][T31626] sctp: [Deprecated]: syz.2.11647 (pid 31626) Use of struct sctp_assoc_value in delayed_ack socket option. [ 902.161897][T31626] Use struct sctp_sack_info instead [ 902.273970][T31628] netlink: 'syz.2.11648': attribute type 1 has an invalid length. [ 902.282564][T31628] netlink: 'syz.2.11648': attribute type 2 has an invalid length. [ 903.124341][T31648] infiniband syz2: set down [ 903.130802][T31648] infiniband syz2: added syzkaller0 [ 903.232853][T31648] RDS/IB: syz2: added [ 903.276069][T31648] smc: adding ib device syz2 with port count 1 [ 903.283218][T31648] smc: ib device syz2 port 1 has pnetid [ 903.854884][T31674] netlink: 'syz.2.11668': attribute type 1 has an invalid length. [ 904.146963][T31680] Invalid option length (1048261) for dns_resolver key [ 904.819848][ T121] usb 6-1: new high-speed USB device number 84 using dummy_hcd [ 904.928409][ T11] smc: removing ib device syz2 [ 905.007220][ T121] usb 6-1: Using ep0 maxpacket: 16 [ 905.014904][ T121] usb 6-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 905.034552][ T121] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 905.048829][ T121] usb 6-1: config 0 descriptor?? [ 905.067440][ T121] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 905.821280][T31704] syzkaller0: tun_chr_ioctl cmd 1074025678 [ 905.830476][T31704] syzkaller0: group set to 0 [ 905.879734][ T121] gspca_sonixj: reg_r err -71 [ 905.891638][ T121] sonixj 6-1:0.0: probe with driver sonixj failed with error -71 [ 905.913485][ T121] usb 6-1: USB disconnect, device number 84 [ 906.562326][T31732] vlan4: entered promiscuous mode [ 906.567800][T31732] vlan4: entered allmulticast mode [ 907.155344][T31758] input: syz0 as /devices/virtual/input/input164 [ 907.189531][T31762] netlink: 32 bytes leftover after parsing attributes in process `syz.6.11707'. [ 907.223674][T31762] netem: unknown loss type 13 [ 907.237176][T31762] netem: change failed [ 907.455925][T31772] tap0: tun_chr_ioctl cmd 1074025677 [ 907.469591][T31772] tap0: linktype set to 805 [ 907.555552][T31774] netlink: 60 bytes leftover after parsing attributes in process `syz.1.11713'. [ 907.586055][T31774] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 908.057515][ T121] usb 6-1: new high-speed USB device number 85 using dummy_hcd [ 908.215798][ T121] usb 6-1: config 220 has 0 interfaces, different from the descriptor's value: 1 [ 908.232600][ T121] usb 6-1: New USB device found, idVendor=05f9, idProduct=07ff, bcdDevice= 4.00 [ 908.251925][ T121] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 908.275020][ T121] usb 6-1: Product: syz [ 908.291759][ T121] usb 6-1: Manufacturer: syz [ 908.296432][ T121] usb 6-1: SerialNumber: syz [ 908.537401][ T121] usb 6-1: USB disconnect, device number 85 [ 909.957378][ T25] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 910.026182][T31894] netlink: 'syz.3.11766': attribute type 1 has an invalid length. [ 910.060781][T31894] netlink: 24 bytes leftover after parsing attributes in process `syz.3.11766'. [ 910.266128][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 910.274780][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 910.286310][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 910.296187][ T25] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 910.314668][ T25] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 910.329647][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 910.348407][ T25] usb 2-1: config 0 descriptor?? [ 910.775390][ T25] microsoft 0003:045E:07DA.0104: unknown main item tag 0x0 [ 910.787234][ T25] microsoft 0003:045E:07DA.0104: unknown main item tag 0x0 [ 910.794656][ T25] microsoft 0003:045E:07DA.0104: unknown main item tag 0x0 [ 910.812935][ T25] microsoft 0003:045E:07DA.0104: unknown main item tag 0x0 [ 910.827748][ T25] microsoft 0003:045E:07DA.0104: unknown main item tag 0x0 [ 910.845381][ T25] microsoft 0003:045E:07DA.0104: unknown main item tag 0x0 [ 910.865670][ T25] microsoft 0003:045E:07DA.0104: unknown main item tag 0x0 [ 910.893660][ T25] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0104/input/input165 [ 910.909213][ T25] microsoft 0003:045E:07DA.0104: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 911.113698][ T5875] usb 2-1: USB disconnect, device number 100 [ 911.547255][ T121] usb 4-1: new high-speed USB device number 108 using dummy_hcd [ 911.700104][ T121] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 911.722065][ T121] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 911.742922][ T121] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 911.766468][ T121] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 911.782580][ T121] usb 4-1: config 0 descriptor?? [ 912.201052][ T121] cp2112 0003:10C4:EA90.0105: unknown main item tag 0x0 [ 912.212471][ T121] cp2112 0003:10C4:EA90.0105: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 912.327356][ T5925] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 912.401015][ T121] cp2112 0003:10C4:EA90.0105: Part Number: 0x82 Device Version: 0xFE [ 912.529156][ T5925] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 912.554035][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 912.580587][ T5925] usb 2-1: config 0 descriptor?? [ 912.592591][ T5925] cp210x 2-1:0.0: cp210x converter detected [ 912.615667][ T121] cp2112 0003:10C4:EA90.0105: error requesting SMBus config [ 912.629213][ T121] cp2112 0003:10C4:EA90.0105: probe with driver cp2112 failed with error -71 [ 912.639973][T31982] netlink: 48 bytes leftover after parsing attributes in process `syz.2.11805'. [ 912.642348][ T121] usb 4-1: USB disconnect, device number 108 [ 913.198370][ T5925] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 913.206182][ T5925] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 913.239673][ T5925] usb 2-1: cp210x converter now attached to ttyUSB0 [ 913.241037][T32005] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11815'. [ 913.255227][ T5925] usb 2-1: USB disconnect, device number 101 [ 913.270189][ T5925] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 913.294553][ T5925] cp210x 2-1:0.0: device disconnected [ 913.947005][T32039] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11832'. [ 913.963621][T32039] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11832'. [ 914.116452][ T5130] Bluetooth: hci2: sending frame failed (-49) [ 914.124915][T28337] Bluetooth: hci2: Opcode 0x1003 failed: -49 [ 914.568154][T32068] program syz.2.11845 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 914.760218][T32080] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 914.941107][T32084] kvm: kvm [32083]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010002) = 0x2 [ 915.241336][T32101] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 915.248135][T32101] syzkaller1: linktype set to 825 [ 915.541420][T32116] program syz.5.11866 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 915.599656][T32118] netlink: 'syz.3.11867': attribute type 1 has an invalid length. [ 915.958364][ T29] kauditd_printk_skb: 25 callbacks suppressed [ 915.958385][ T29] audit: type=1326 audit(2000000514.370:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32133 comm="syz.2.11875" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8bdbb85d29 code=0x0 [ 916.487464][T32155] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 916.641803][ T5875] hid-generic 0000:0000:0000.0106: unknown main item tag 0x0 [ 916.666109][ T5875] hid-generic 0000:0000:0000.0106: hidraw0: HID v0.00 Device [syz1] on syz0 [ 916.855098][T32165] trusted_key: syz.5.11886 sent an empty control message without MSG_MORE. [ 916.868893][T32164] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11888'. [ 916.897255][ T121] usb 2-1: new full-speed USB device number 102 using dummy_hcd [ 917.098135][ T121] usb 2-1: unable to get BOS descriptor or descriptor too short [ 917.106734][ T121] usb 2-1: no configurations [ 917.113657][ T121] usb 2-1: can't read configurations, error -22 [ 917.737237][T29175] usb 6-1: new high-speed USB device number 86 using dummy_hcd [ 917.900686][T29175] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 917.913776][T29175] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 917.929872][T29175] usb 6-1: Product: syz [ 917.934301][T29175] usb 6-1: Manufacturer: syz [ 917.941670][T29175] usb 6-1: SerialNumber: syz [ 917.957876][T29175] usb 6-1: config 0 descriptor?? [ 917.964801][ T29] audit: type=1326 audit(2000000516.370:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32211 comm="syz.2.11908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 917.991773][ T29] audit: type=1326 audit(2000000516.370:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32211 comm="syz.2.11908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 918.015622][T29175] ch341 6-1:0.0: ch341-uart converter detected [ 918.023652][ T29] audit: type=1326 audit(2000000516.370:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32211 comm="syz.2.11908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 918.086672][ T29] audit: type=1326 audit(2000000516.370:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32211 comm="syz.2.11908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 918.117191][ T29] audit: type=1326 audit(2000000516.370:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32211 comm="syz.2.11908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 918.159152][ T29] audit: type=1326 audit(2000000516.370:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32211 comm="syz.2.11908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=166 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 918.182676][ T29] audit: type=1326 audit(2000000516.400:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32211 comm="syz.2.11908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 918.260126][ T29] audit: type=1326 audit(2000000516.670:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32188 comm="syz.6.11897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2f8785d29 code=0x7fc00000 [ 918.847848][T29175] usb 6-1: failed to send control message: -71 [ 918.854281][T29175] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 918.868490][T29175] usb 6-1: USB disconnect, device number 86 [ 918.881602][T29175] ch341 6-1:0.0: device disconnected [ 920.637310][ T5875] usb 3-1: new high-speed USB device number 112 using dummy_hcd [ 920.657162][ T5130] Bluetooth: hci1: command 0x0419 tx timeout [ 920.787205][ T5875] usb 3-1: Using ep0 maxpacket: 16 [ 920.848953][ T5875] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 920.870844][ T5875] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 920.906342][ T5875] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 920.935271][ T29] audit: type=1326 audit(2134218247.342:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32309 comm="syz.6.11948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 920.971941][ T5875] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 920.991873][ T5875] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 921.003519][ T29] audit: type=1326 audit(2134218247.342:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32309 comm="syz.6.11948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 921.030144][ T5875] usb 3-1: config 0 descriptor?? [ 921.042719][ T29] audit: type=1326 audit(2134218247.342:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32309 comm="syz.6.11948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 921.073669][ T29] audit: type=1326 audit(2134218247.342:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32309 comm="syz.6.11948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 921.119570][ T29] audit: type=1326 audit(2134218247.342:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32309 comm="syz.6.11948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 921.142951][ T29] audit: type=1326 audit(2134218247.342:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32309 comm="syz.6.11948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=166 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 921.164635][ C1] vkms_vblank_simulate: vblank timer overrun [ 921.173914][ T29] audit: type=1326 audit(2134218247.372:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32309 comm="syz.6.11948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2f8785d29 code=0x7ffc0000 [ 921.410732][T32327] dummy0: entered promiscuous mode [ 921.452326][ T5875] microsoft 0003:045E:07DA.0107: ignoring exceeding usage max [ 921.466571][T32327] dummy0: left promiscuous mode [ 921.485061][ T5875] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0107/input/input166 [ 921.514536][ T5875] microsoft 0003:045E:07DA.0107: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 921.705397][ T25] usb 3-1: USB disconnect, device number 112 [ 923.268188][T29175] usb 6-1: new high-speed USB device number 87 using dummy_hcd [ 923.421903][T29175] usb 6-1: Using ep0 maxpacket: 16 [ 923.429132][T29175] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 923.445187][T29175] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 923.461153][T29175] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 923.481433][T29175] usb 6-1: config 0 descriptor?? [ 923.776710][T32411] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11991'. [ 923.804246][T32411] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 923.811617][T32411] IPv6: NLM_F_CREATE should be set when creating new route [ 923.819089][T32411] IPv6: NLM_F_CREATE should be set when creating new route [ 923.847744][ T5925] usb 3-1: new high-speed USB device number 113 using dummy_hcd [ 923.953983][T29175] mcp2221 0003:04D8:00DD.0108: unknown main item tag 0x0 [ 923.961323][T29175] mcp2221 0003:04D8:00DD.0108: unknown main item tag 0x0 [ 923.969771][T29175] mcp2221 0003:04D8:00DD.0108: item fetching failed at offset 2/5 [ 923.983012][T29175] mcp2221 0003:04D8:00DD.0108: can't parse reports [ 923.989781][T29175] mcp2221 0003:04D8:00DD.0108: probe with driver mcp2221 failed with error -22 [ 924.008162][ T5925] usb 3-1: Using ep0 maxpacket: 32 [ 924.015358][ T5925] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 924.070889][ T5925] usb 3-1: New USB device found, idVendor=0123, idProduct=0001, bcdDevice=4a.fe [ 924.080851][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 924.089114][ T5925] usb 3-1: Product: syz [ 924.093412][ T5925] usb 3-1: Manufacturer: syz [ 924.098137][ T5925] usb 3-1: SerialNumber: syz [ 924.105200][ T5925] usb 3-1: config 0 descriptor?? [ 924.148786][ T25] usb 6-1: USB disconnect, device number 87 [ 924.227531][ T5877] usb 4-1: new high-speed USB device number 109 using dummy_hcd [ 924.317958][ T5925] usbtouchscreen 3-1:0.0: probe with driver usbtouchscreen failed with error -71 [ 924.331441][ T5925] usb 3-1: USB disconnect, device number 113 [ 924.391835][ T5877] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 924.407181][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 924.428777][ T5877] usb 4-1: config 0 descriptor?? [ 924.436210][ T5877] cp210x 4-1:0.0: cp210x converter detected [ 925.050248][ T5877] cp210x 4-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 925.068660][ T5877] cp210x 4-1:0.0: GPIO initialisation failed: -71 [ 925.078462][ T5877] usb 4-1: cp210x converter now attached to ttyUSB0 [ 925.097543][ T5877] usb 4-1: USB disconnect, device number 109 [ 925.123784][ T5877] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 925.160702][ T5877] cp210x 4-1:0.0: device disconnected [ 925.202382][T32463] netlink: 'syz.2.12015': attribute type 10 has an invalid length. [ 925.254751][T32463] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 925.388490][T32467] program syz.5.12017 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 925.702347][T32487] bond0: (slave bond2): Error -95 calling ndo_bpf [ 925.748522][T32487] netlink: 'syz.3.12026': attribute type 10 has an invalid length. [ 925.844011][T32487] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 928.065287][T32576] netlink: 16 bytes leftover after parsing attributes in process `syz.5.12062'. [ 930.185637][T32661] netlink: 'syz.5.12099': attribute type 10 has an invalid length. [ 930.207869][T32661] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 930.267728][T32667] random: crng reseeded on system resumption [ 930.511697][T32674] tmpfs: Cannot disable swap on remount [ 931.086435][ T29] audit: type=1326 audit(2134218257.492:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32692 comm="syz.1.12113" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f69ac385d29 code=0x0 [ 931.210892][T32701] netlink: 14244 bytes leftover after parsing attributes in process `syz.2.12117'. [ 931.522215][T32714] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12122'. [ 931.565242][T32716] vxcan0: entered allmulticast mode [ 931.580058][T32716] vxcan0: left allmulticast mode [ 931.720249][T32724] ALSA: mixer_oss: invalid OSS volume '' [ 931.903003][T32734] syz.2.12132[32734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 931.903125][T32734] syz.2.12132[32734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 931.915410][T32734] syz.2.12132[32734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 932.057211][ T5877] usb 4-1: new high-speed USB device number 110 using dummy_hcd [ 932.247423][ T5877] usb 4-1: Using ep0 maxpacket: 32 [ 932.254547][ T5877] usb 4-1: config 0 interface 0 has no altsetting 0 [ 932.264959][ T5877] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 932.274628][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 932.283015][ T5877] usb 4-1: Product: syz [ 932.295929][ T5877] usb 4-1: Manufacturer: syz [ 932.303839][ T5877] usb 4-1: SerialNumber: syz [ 932.312009][ T5877] usb 4-1: config 0 descriptor?? [ 932.724515][ T5877] gs_usb 4-1:0.0: Configuring for 1 interfaces [ 933.133872][ T5877] gs_usb 4-1:0.0: Disabling termination support for channel 0 (-EPROTO) [ 933.176557][ T5877] usb 4-1: USB disconnect, device number 110 [ 933.335725][ T29] audit: type=1800 audit(2134218259.742:730): pid=313 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.12151" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 933.337388][ T5875] usb 3-1: new high-speed USB device number 114 using dummy_hcd [ 933.528941][ T5875] usb 3-1: config 0 has an invalid interface number: 255 but max is 0 [ 933.547181][ T5875] usb 3-1: config 0 has no interface number 0 [ 933.553604][ T5875] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 933.582289][ T5875] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 933.610296][ T5875] usb 3-1: config 0 interface 255 has no altsetting 0 [ 933.626299][ T5875] usb 3-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 933.642293][ T5875] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 933.663222][ T5875] usb 3-1: config 0 descriptor?? [ 933.694594][ T5875] ums-realtek 3-1:0.255: USB Mass Storage device detected [ 933.955385][T29175] usb 3-1: USB disconnect, device number 114 [ 934.741213][ T29] audit: type=1326 audit(2134218261.152:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=369 comm="syz.5.12175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b0185d29 code=0x7ffc0000 [ 934.781540][ T29] audit: type=1326 audit(2134218261.152:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=369 comm="syz.5.12175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b0185d29 code=0x7ffc0000 [ 934.816551][ T29] audit: type=1326 audit(2134218261.182:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=369 comm="syz.5.12175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7ff5b0185d29 code=0x7ffc0000 [ 934.881734][ T29] audit: type=1326 audit(2134218261.182:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=369 comm="syz.5.12175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b0185d29 code=0x7ffc0000 [ 934.943267][ T29] audit: type=1326 audit(2134218261.182:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=369 comm="syz.5.12175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b0185d29 code=0x7ffc0000 [ 934.964793][ C1] vkms_vblank_simulate: vblank timer overrun [ 935.053296][ T373] syz.2.12178 (373): drop_caches: 2 [ 935.521725][ T400] CUSE: info not properly terminated [ 935.721140][ T406] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 936.367255][ T5877] usb 4-1: new high-speed USB device number 111 using dummy_hcd [ 936.377880][ T25] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 936.454335][ T433] netlink: 2 bytes leftover after parsing attributes in process `syz.6.12204'. [ 936.519559][ T5877] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 936.543112][ T5877] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 936.554538][ T25] usb 2-1: Using ep0 maxpacket: 32 [ 936.575738][ T25] usb 2-1: config 0 interface 0 has no altsetting 0 [ 936.585867][ T5877] usb 4-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 936.612822][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 936.625961][ T25] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 936.637313][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 936.645461][ T25] usb 2-1: Product: syz [ 936.656474][ T5877] usb 4-1: config 0 descriptor?? [ 936.664206][ T25] usb 2-1: Manufacturer: syz [ 936.680838][ T25] usb 2-1: SerialNumber: syz [ 936.693123][ T25] usb 2-1: config 0 descriptor?? [ 936.760937][ T447] netlink: 'syz.5.12211': attribute type 4 has an invalid length. [ 936.770674][ T447] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.12211'. [ 937.075019][ T459] openvswitch: netlink: nsh attribute has 65512 unknown bytes. [ 937.084114][ T459] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 937.116043][ T25] gs_usb 2-1:0.0: Configuring for 1 interfaces [ 937.287409][ T5875] usb 3-1: new high-speed USB device number 115 using dummy_hcd [ 937.300622][ T5877] hid-led 0003:1D34:000A.0109: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.3-1/input0 [ 937.315570][ T5877] hid-led 0003:1D34:000A.0109: Dream Cheeky Webmail Notifier initialized [ 937.437337][ T5875] usb 3-1: Using ep0 maxpacket: 8 [ 937.446194][ T5875] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 937.469882][ T5875] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1040, setting to 1024 [ 937.483566][ T5875] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 937.496633][ T5875] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 937.511492][ T5875] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 937.532232][ T25] usb 2-1: USB disconnect, device number 104 [ 937.535080][T29175] usb 4-1: USB disconnect, device number 111 [ 937.551241][ T5875] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 937.567365][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 937.582049][ T5875] usb 3-1: Product: syz [ 937.586395][ T5875] usb 3-1: Manufacturer: syz [ 937.599453][ T5875] usb 3-1: SerialNumber: syz [ 937.811604][ T5875] cdc_ncm 3-1:1.0: bind() failure [ 937.824571][ T5875] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 937.832313][ T5875] cdc_ncm 3-1:1.1: bind() failure [ 937.840582][ T5875] usb 3-1: USB disconnect, device number 115 [ 938.477372][ T25] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 938.644260][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 938.663096][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 938.692381][ T25] usb 2-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 938.705181][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 938.720974][ T25] usb 2-1: config 0 descriptor?? [ 938.877405][T32425] usb 4-1: new high-speed USB device number 112 using dummy_hcd [ 939.062772][T32425] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 939.087853][T32425] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 939.112120][T32425] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 939.125750][T32425] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 939.143400][T32425] usb 4-1: SerialNumber: syz [ 939.156681][ T25] kye 0003:0458:5010.010A: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 939.180771][ T25] kye 0003:0458:5010.010A: unknown main item tag 0x0 [ 939.193704][ T25] kye 0003:0458:5010.010A: unknown main item tag 0x0 [ 939.201938][ T25] kye 0003:0458:5010.010A: unknown main item tag 0x0 [ 939.216193][ T25] kye 0003:0458:5010.010A: unknown main item tag 0x0 [ 939.223406][ T25] kye 0003:0458:5010.010A: unknown main item tag 0x0 [ 939.240687][ T25] kye 0003:0458:5010.010A: hidraw0: USB HID v0.00 Device [HID 0458:5010] on usb-dummy_hcd.1-1/input0 [ 939.260314][ T25] kye 0003:0458:5010.010A: tablet-enabling feature report not found [ 939.272426][ T25] kye 0003:0458:5010.010A: tablet enabling failed [ 939.360424][ T25] usb 2-1: USB disconnect, device number 105 [ 939.396779][T32425] usb 4-1: 0:2 : does not exist [ 939.413635][T32425] usb 4-1: USB disconnect, device number 112 [ 939.537691][ T5877] usb 3-1: new high-speed USB device number 116 using dummy_hcd [ 939.687718][ T5877] usb 3-1: Using ep0 maxpacket: 16 [ 939.694433][ T5877] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 939.714354][ T5877] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 939.724130][ T5877] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 939.732569][ T5877] usb 3-1: Product: syz [ 939.736782][ T5877] usb 3-1: Manufacturer: syz [ 939.741625][ T5877] usb 3-1: SerialNumber: syz [ 939.748172][ T5877] usb 3-1: config 0 descriptor?? [ 939.755161][ T5877] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 939.765950][ T5877] usb 3-1: Detected FT232R [ 939.966473][ T5877] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 939.975704][ T532] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12248'. [ 939.986640][ T532] netlink: 48 bytes leftover after parsing attributes in process `syz.1.12248'. [ 939.996340][ T532] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12248'. [ 940.027634][ T532] vlan5: entered allmulticast mode [ 940.183452][ T5877] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 940.294403][ T29] audit: type=1326 audit(2134218266.702:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=528 comm="syz.5.12247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b0185d29 code=0x7fc00000 [ 940.316499][ C1] vkms_vblank_simulate: vblank timer overrun [ 940.401920][T29175] usb 3-1: USB disconnect, device number 116 [ 940.412384][T29175] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 940.447622][T29175] ftdi_sio 3-1:0.0: device disconnected [ 940.630596][ T548] dummy0: entered promiscuous mode [ 940.664049][ T548] dummy0: left promiscuous mode [ 941.267999][ T571] team0: entered promiscuous mode [ 941.274914][ T571] team_slave_0: entered promiscuous mode [ 941.292481][ T571] team_slave_1: entered promiscuous mode [ 941.303147][ T568] team0: left promiscuous mode [ 941.316420][ T568] team_slave_0: left promiscuous mode [ 941.331858][ T568] team_slave_1: left promiscuous mode [ 942.275287][ T618] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12287'. [ 942.297375][ T618] netlink: 48 bytes leftover after parsing attributes in process `syz.2.12287'. [ 942.304861][ T620] netlink: 104 bytes leftover after parsing attributes in process `syz.5.12289'. [ 942.316435][ T618] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12287'. [ 942.345938][ T618] vlan3: entered allmulticast mode [ 942.355375][ T618] bridge_slave_0: entered allmulticast mode [ 943.928988][ T703] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12323'. [ 944.184041][ T29] audit: type=1326 audit(2134218270.592:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=713 comm="syz.1.12327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69ac385d29 code=0x7ffc0000 [ 944.234018][ T29] audit: type=1326 audit(2134218270.592:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=713 comm="syz.1.12327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69ac385d29 code=0x7ffc0000 [ 944.281647][ T29] audit: type=1326 audit(2134218270.592:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=713 comm="syz.1.12327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f69ac385d29 code=0x7ffc0000 [ 944.324236][ T29] audit: type=1326 audit(2134218270.592:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=713 comm="syz.1.12327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69ac385d29 code=0x7ffc0000 [ 944.372623][ T29] audit: type=1326 audit(2134218270.592:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=713 comm="syz.1.12327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69ac385d29 code=0x7ffc0000 [ 944.395180][ T29] audit: type=1326 audit(2134218270.592:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=713 comm="syz.1.12327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f69ac385d29 code=0x7ffc0000 [ 944.417467][ T29] audit: type=1326 audit(2134218270.592:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=713 comm="syz.1.12327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69ac385d29 code=0x7ffc0000 [ 944.439166][ T29] audit: type=1326 audit(2134218270.592:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=713 comm="syz.1.12327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69ac385d29 code=0x7ffc0000 [ 944.461165][ T29] audit: type=1326 audit(2134218270.592:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=713 comm="syz.1.12327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7f69ac385d29 code=0x7ffc0000 [ 944.745777][ T738] Process accounting resumed [ 944.903583][ T744] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12342'. [ 944.925719][ T746] veth0_to_bridge: entered promiscuous mode [ 944.933029][ T745] veth0_to_bridge: left promiscuous mode [ 945.450403][ T762] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12350'. [ 945.767400][T29175] usb 6-1: new high-speed USB device number 88 using dummy_hcd [ 945.928008][T29175] usb 6-1: Using ep0 maxpacket: 32 [ 945.938676][T29175] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 945.946823][T29175] usb 6-1: config 0 has no interface number 0 [ 945.966163][T29175] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 945.981798][T29175] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 945.995154][T29175] usb 6-1: Product: syz [ 946.004985][T29175] usb 6-1: Manufacturer: syz [ 946.013477][T29175] usb 6-1: SerialNumber: syz [ 946.024419][T29175] usb 6-1: config 0 descriptor?? [ 946.036387][ T784] Falling back ldisc for ttyS3. [ 946.039686][T29175] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 946.042394][ T782] netlink: 'syz.6.12358': attribute type 5 has an invalid length. [ 946.290200][ T792] vcan0: tx drop: invalid da for name 0x000000000000c700 [ 946.306205][T29175] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 946.366640][T29175] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 946.508246][ T764] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 946.523771][ T764] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 946.754272][ T5925] usb 6-1: USB disconnect, device number 88 [ 946.757133][ C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 946.765182][ T5925] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 946.818972][ T5925] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 946.862834][ T5925] quatech2 6-1:0.51: device disconnected [ 947.857242][ T5925] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 948.007768][ T5925] usb 2-1: Using ep0 maxpacket: 16 [ 948.047860][ T5925] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 948.077210][T32425] usb 6-1: new high-speed USB device number 89 using dummy_hcd [ 948.095147][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 948.128396][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 948.138409][ T5925] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 948.150532][ T5925] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 948.165835][ T5925] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 948.175196][ T5925] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 948.184226][ T5925] usb 2-1: Manufacturer: syz [ 948.191057][ T5925] usb 2-1: config 0 descriptor?? [ 948.239898][T32425] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 948.249312][T32425] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 948.263329][T32425] usb 6-1: config 0 descriptor?? [ 948.292663][ T844] batadv0: entered promiscuous mode [ 948.299531][ T843] batadv0: left promiscuous mode [ 948.558006][T32425] ath6kl: Failed to submit usb control message: -71 [ 948.566764][T32425] ath6kl: unable to send the bmi data to the device: -71 [ 948.574258][T32425] ath6kl: Unable to send get target info: -71 [ 948.599570][ T5925] rc_core: IR keymap rc-hauppauge not found [ 948.605643][ T5925] Registered IR keymap rc-empty [ 948.610710][ T5925] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 948.618768][T32425] ath6kl: Failed to init ath6kl core: -71 [ 948.625503][T32425] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 948.647812][ T5925] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 948.681505][T32425] usb 6-1: USB disconnect, device number 89 [ 948.689301][ T5925] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 948.709165][ T5925] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input168 [ 948.747388][ T5925] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 948.777373][ T5925] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 948.785131][ T858] sctp: [Deprecated]: syz.6.12390 (pid 858) Use of int in max_burst socket option. [ 948.785131][ T858] Use struct sctp_assoc_value instead [ 948.817340][ T5925] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 948.837188][ T5925] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 948.858829][ T5925] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 948.879549][ T5925] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 948.898285][ T5925] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 948.917376][ T5925] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 948.938907][ T5925] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 948.957461][ T5925] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 948.979022][ T5925] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 949.012628][ T5925] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 949.093015][ T5925] usb 2-1: USB disconnect, device number 106 [ 949.725583][ T897] ceph: missing cluster fsid [ 949.731866][ T897] ceph: separator ':' missing in source [ 949.808827][ T5877] usb 4-1: new high-speed USB device number 113 using dummy_hcd [ 949.967273][ T5877] usb 4-1: Using ep0 maxpacket: 8 [ 949.977846][ T5877] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 949.992800][ T5877] usb 4-1: config 179 has no interface number 0 [ 950.001110][ T5877] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 950.016161][ T5877] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 950.030398][ T5877] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 950.042020][ T5877] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 950.059695][ T5877] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 950.076541][ T5877] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 950.089028][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 950.111053][ T890] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 950.366492][ T890] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 950.373101][ T890] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 950.398918][ T890] vhci_hcd vhci_hcd.0: Device attached [ 950.412217][ T929] vhci_hcd: connection closed [ 950.414319][ T5834] usb 4-1: USB disconnect, device number 113 [ 950.414400][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 950.438227][ C1] dummy_hcd dummy_hcd.3: timer fired with no URBs pending? [ 950.455179][T24275] vhci_hcd: stop threads [ 950.460031][T24275] vhci_hcd: release socket [ 950.464618][T24275] vhci_hcd: disconnect device [ 951.043585][ T959] netlink: 188 bytes leftover after parsing attributes in process `syz.3.12427'. [ 951.212175][ T963] IPVS: persistence engine module ip_vs_pe_ not found [ 952.147354][ T5834] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 952.297174][ T5834] usb 2-1: Using ep0 maxpacket: 16 [ 952.306095][ T5834] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 952.320767][ T5834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 952.328999][ T5834] usb 2-1: Product: syz [ 952.333209][ T5834] usb 2-1: Manufacturer: syz [ 952.338063][ T5834] usb 2-1: SerialNumber: syz [ 952.352009][ T5834] r8152-cfgselector 2-1: Unknown version 0x0000 [ 952.355270][ T1010] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12446'. [ 952.360976][ T5834] r8152-cfgselector 2-1: config 0 descriptor?? [ 952.829161][ T5877] r8152-cfgselector 2-1: USB disconnect, device number 107 [ 952.983308][ T1030] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12454'. [ 954.257387][T28337] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 954.504808][ T1104] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12484'. [ 955.167249][ T5925] usb 3-1: new full-speed USB device number 117 using dummy_hcd [ 955.320148][ T5925] usb 3-1: config 246 has an invalid interface number: 166 but max is 0 [ 955.332787][ T5925] usb 3-1: config 246 has no interface number 0 [ 955.345261][ T5925] usb 3-1: config 246 interface 166 altsetting 118 has an endpoint descriptor with address 0xAA, changing to 0x8A [ 955.370726][ T5925] usb 3-1: config 246 interface 166 altsetting 118 endpoint 0x8A has invalid wMaxPacketSize 0 [ 955.403473][ T5925] usb 3-1: config 246 interface 166 has no altsetting 0 [ 955.413831][ T5925] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 9.63 [ 955.441251][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 955.450451][ T5925] usb 3-1: Product: syz [ 955.454821][ T5925] usb 3-1: Manufacturer: syz [ 955.468606][ T5925] usb 3-1: SerialNumber: syz [ 955.773977][ T1149] netlink: 'syz.3.12503': attribute type 2 has an invalid length. [ 956.102855][ T5925] usb 3-1: Limiting number of CPorts to U8_MAX [ 956.115185][ T5925] usb 3-1: Unknown endpoint type found, address 0x0b [ 956.128297][ T5925] usb 3-1: Unknown endpoint type found, address 0x8a [ 956.135223][ T5925] usb 3-1: Not enough endpoints found in device, aborting! [ 956.271971][ T1171] block nbd3: shutting down sockets [ 956.374732][T29175] usb 3-1: USB disconnect, device number 117 [ 957.183880][ T1216] xt_CT: You must specify a L4 protocol and not use inversions on it [ 958.182634][ T1255] Cannot find set identified by id 0 to match [ 958.673845][ T1271] vxcan1: tx address claim with dest, not broadcast [ 958.748161][ T5834] usb 6-1: new high-speed USB device number 90 using dummy_hcd [ 958.908960][ T5834] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 958.930354][ T5834] usb 6-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00 [ 958.944451][ T5834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 958.969396][ T5834] usb 6-1: config 0 descriptor?? [ 958.986340][ T5834] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 959.197253][ T5875] usb 4-1: new high-speed USB device number 114 using dummy_hcd [ 959.220000][T29175] usb 6-1: USB disconnect, device number 90 [ 959.350234][ T5875] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 959.359960][ T5875] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 959.378732][ T5875] usb 4-1: config 0 descriptor?? [ 959.427668][ T5834] usb 3-1: new high-speed USB device number 118 using dummy_hcd [ 959.587248][ T5834] usb 3-1: Using ep0 maxpacket: 8 [ 959.597377][ T5834] usb 3-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11 [ 959.606613][ T5834] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 959.615536][ T5834] usb 3-1: Product: syz [ 959.626455][ T5834] usb 3-1: Manufacturer: syz [ 959.632103][ T5834] usb 3-1: SerialNumber: syz [ 959.643545][ T5875] ath6kl: Failed to submit usb control message: -71 [ 959.651624][ T5875] ath6kl: unable to send the bmi data to the device: -71 [ 959.659992][ T5834] usb 3-1: config 0 descriptor?? [ 959.665145][ T5875] ath6kl: Unable to send get target info: -71 [ 959.672909][ T5875] ath6kl: Failed to init ath6kl core: -71 [ 959.679477][ T5875] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 959.692470][ T5834] gspca_main: vc032x-2.14.0 probing 046d:0896 [ 959.704244][ T5875] usb 4-1: USB disconnect, device number 114 [ 960.534718][ T5834] gspca_vc032x: reg_w err -71 [ 960.540255][ T5834] vc032x 3-1:0.0: probe with driver vc032x failed with error -71 [ 960.553074][ T5834] usb 3-1: USB disconnect, device number 118 [ 960.849585][ T1356] netlink: 16 bytes leftover after parsing attributes in process `syz.6.12586'. [ 961.451669][ T1377] IPv6: NLM_F_REPLACE set, but no existing node found! [ 961.456924][ T1375] netlink: 'syz.2.12595': attribute type 1 has an invalid length. [ 962.659111][ T1445] netlink: 8 bytes leftover after parsing attributes in process `syz.5.12624'. [ 962.855587][ T1455] netlink: 'syz.3.12629': attribute type 21 has an invalid length. [ 962.885096][ T1455] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12629'. [ 963.266384][ T1476] netlink: 32 bytes leftover after parsing attributes in process `syz.1.12639'. [ 964.897282][ T5875] usb 3-1: new high-speed USB device number 119 using dummy_hcd [ 965.057537][ T5875] usb 3-1: Using ep0 maxpacket: 16 [ 965.067876][ T5875] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 965.079170][ T5875] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 965.097526][ T5875] usb 3-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 965.126049][ T5875] usb 3-1: config 0 interface 0 has no altsetting 0 [ 965.147212][ T5875] usb 3-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 965.166657][ T5875] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 965.189954][ T5875] usb 3-1: config 0 descriptor?? [ 965.388726][ T1556] netlink: 'syz.3.12674': attribute type 39 has an invalid length. [ 965.642848][ T5875] hid (null): bogus close delimiter [ 965.657828][ T5875] hid (null): unknown global tag 0xe [ 965.681512][ T5875] input: HID 0458:5010 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5010.010B/input/input169 [ 965.720973][ T5875] kye 0003:0458:5010.010B: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.2-1/input0 [ 965.736845][ T1564] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12677'. [ 965.844396][ T5875] usb 3-1: USB disconnect, device number 119 [ 966.038988][ T1576] input: syz1 as /devices/virtual/input/input170 [ 966.759602][ T1605] vim2m vim2m.0: vidioc_s_fmt queue busy [ 966.869635][ T1611] netlink: 104 bytes leftover after parsing attributes in process `syz.3.12700'. [ 967.961590][ T1648] netlink: 'syz.2.12713': attribute type 2 has an invalid length. [ 967.983744][ T1648] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.12713'. [ 968.192698][ T1657] UBIFS error (pid: 1657): cannot open "/dev/loop3", error -22 [ 968.221230][ T1661] netlink: 'syz.2.12718': attribute type 1 has an invalid length. [ 968.610544][ T1680] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 969.048768][ T1703] netlink: 243 bytes leftover after parsing attributes in process `syz.1.12739'. [ 969.070974][ T1703] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 969.295035][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 969.295056][ T29] audit: type=1326 audit(2134218551.700:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1711 comm="syz.2.12744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 969.357854][ T29] audit: type=1326 audit(2134218551.740:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1711 comm="syz.2.12744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 969.379491][ C1] vkms_vblank_simulate: vblank timer overrun [ 969.394361][ T29] audit: type=1326 audit(2134218551.750:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1711 comm="syz.2.12744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 969.415950][ C1] vkms_vblank_simulate: vblank timer overrun [ 969.458592][ T29] audit: type=1326 audit(2134218551.750:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1711 comm="syz.2.12744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 969.506752][ T29] audit: type=1326 audit(2134218551.750:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1711 comm="syz.2.12744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 969.552150][ T29] audit: type=1326 audit(2134218551.750:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1711 comm="syz.2.12744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 969.614227][ T29] audit: type=1326 audit(2134218551.750:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1711 comm="syz.2.12744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 969.636798][ T29] audit: type=1326 audit(2134218551.750:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1711 comm="syz.2.12744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 969.659067][ T29] audit: type=1326 audit(2134218551.750:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1711 comm="syz.2.12744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 969.680969][ T29] audit: type=1326 audit(2134218551.750:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1711 comm="syz.2.12744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bdbb85d29 code=0x7ffc0000 [ 969.925127][ T1743] netlink: 88 bytes leftover after parsing attributes in process `syz.2.12757'. [ 970.737301][ T5875] usb 6-1: new high-speed USB device number 91 using dummy_hcd [ 970.933442][ T5875] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 970.947290][ T5875] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 970.957619][ T5875] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 970.966735][ T5875] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 970.990680][ T1766] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 971.001344][ T5875] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 971.159743][ T1786] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 971.298681][ T5875] usb 6-1: USB disconnect, device number 91 [ 971.640274][ T1803] binder: 1802:1803 ioctl 400c620e 200014c0 returned -22 [ 971.710814][ T1807] netlink: 'syz.3.12785': attribute type 4 has an invalid length. [ 972.018074][ T5834] usb 4-1: new high-speed USB device number 115 using dummy_hcd [ 972.197710][ T5834] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 972.227347][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 972.246374][ T5834] usb 4-1: config 0 descriptor?? [ 972.266906][ T5834] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 972.372695][ T1836] serio: Serial port ptm0 [ 972.478479][ T5834] gp8psk: usb in 128 operation failed. [ 972.488012][ T5834] gp8psk: usb in 137 operation failed. [ 972.493548][ T5834] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 972.512385][ T5834] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver) [ 972.521679][ T5834] usb 4-1: media controller created [ 972.556840][ T5834] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 972.625880][ T5834] gp8psk_fe: Frontend attached [ 972.638777][ T5834] usb 4-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 972.661074][ T5834] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 972.898292][ T5877] usb 3-1: new high-speed USB device number 120 using dummy_hcd [ 972.931096][ T5834] gp8psk: usb in 137 operation failed. [ 972.936647][ T5834] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected. [ 972.957124][ T5834] gp8psk: found Genpix USB device pID = 203 (hex) [ 972.974085][ T5834] usb 4-1: USB disconnect, device number 115 [ 973.068706][ T5877] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 973.090968][ T5877] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 973.113643][ T5834] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected. [ 973.115121][ T5877] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 973.157288][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 973.180885][ T5877] usb 3-1: config 0 descriptor?? [ 973.344740][ T1863] netlink: 12 bytes leftover after parsing attributes in process `syz.5.12809'. [ 974.016765][ T5877] hid-led 0003:27B8:01ED.010C: probe with driver hid-led failed with error -71 [ 974.043702][ T5877] usb 3-1: USB disconnect, device number 120 [ 975.417892][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 975.417913][ T29] audit: type=1326 audit(2134218557.830:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1932 comm="syz.3.12842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 975.446023][ C1] vkms_vblank_simulate: vblank timer overrun [ 975.463966][ T29] audit: type=1326 audit(2134218557.860:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1932 comm="syz.3.12842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 975.487397][ T29] audit: type=1326 audit(2134218557.870:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1932 comm="syz.3.12842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 975.510196][ T29] audit: type=1326 audit(2134218557.900:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1932 comm="syz.3.12842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 975.531943][ C1] vkms_vblank_simulate: vblank timer overrun [ 975.538881][ T29] audit: type=1326 audit(2134218557.900:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1932 comm="syz.3.12842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 975.565473][ T29] audit: type=1326 audit(2134218557.970:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1932 comm="syz.3.12842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 975.602867][ T29] audit: type=1326 audit(2134218558.010:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1932 comm="syz.3.12842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 975.630720][ T29] audit: type=1326 audit(2134218558.010:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1932 comm="syz.3.12842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff27657cce7 code=0x7ffc0000 [ 975.657231][ T29] audit: type=1326 audit(2134218558.010:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1932 comm="syz.3.12842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff276521f29 code=0x7ffc0000 [ 975.678739][ C1] vkms_vblank_simulate: vblank timer overrun [ 975.711775][ T29] audit: type=1326 audit(2134218558.010:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1932 comm="syz.3.12842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff27657cce7 code=0x7ffc0000 [ 975.870578][ T1946] netlink: 56 bytes leftover after parsing attributes in process `syz.1.12846'. [ 975.917822][ T1946] netlink: 24 bytes leftover after parsing attributes in process `syz.1.12846'. [ 976.108934][ T1955] netlink: 16 bytes leftover after parsing attributes in process `syz.2.12850'. [ 976.534996][ T1979] omfs: Invalid superblock (0) [ 976.860214][ T1998] smc: net device bond0 erased user defined pnetid SYZ2 [ 976.868813][ T1998] smc: net device ip6tnl0 erased user defined pnetid SYZ0 [ 977.007202][ T5834] usb 4-1: new high-speed USB device number 116 using dummy_hcd [ 977.157375][ T5834] usb 4-1: Using ep0 maxpacket: 8 [ 977.173246][ T1992] netlink: 'syz.3.12866': attribute type 4 has an invalid length. [ 977.189466][ T5834] usb 4-1: unable to get BOS descriptor or descriptor too short [ 977.196449][ T2009] netlink: 'syz.5.12875': attribute type 1 has an invalid length. [ 977.205145][ T2009] netlink: 'syz.5.12875': attribute type 4 has an invalid length. [ 977.213762][ T5834] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 977.213804][ T5834] usb 4-1: can't read configurations, error -71 [ 977.236228][ T2009] netlink: 188 bytes leftover after parsing attributes in process `syz.5.12875'. [ 977.246684][ T2011] netlink: 'syz.6.12874': attribute type 2 has an invalid length. [ 977.250646][ T2009] NCSI netlink: No device for ifindex 458760 [ 977.272872][ T2011] netlink: 100 bytes leftover after parsing attributes in process `syz.6.12874'. [ 978.288286][ T2040] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12889'. [ 978.356602][ T2040] veth1_macvtap: left promiscuous mode [ 978.957737][ T2059] Falling back ldisc for ttyS3. [ 979.267346][ T5875] usb 6-1: new high-speed USB device number 92 using dummy_hcd [ 979.440743][ T5875] usb 6-1: Using ep0 maxpacket: 16 [ 979.464784][ T5875] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 979.481929][ T5875] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 979.648647][ T5875] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 979.658859][ T5875] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 979.666918][ T5875] usb 6-1: Product: syz [ 979.671784][ T5875] usb 6-1: Manufacturer: syz [ 979.676442][ T5875] usb 6-1: SerialNumber: syz [ 979.683339][ T5875] usb 6-1: config 0 descriptor?? [ 979.693849][ T5875] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 979.703756][ T5875] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class) [ 979.711124][ T5834] usb 3-1: new high-speed USB device number 121 using dummy_hcd [ 979.873255][ T5834] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 979.883432][ T5834] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 979.908849][ T5834] usb 3-1: Product: syz [ 979.914005][ T5834] usb 3-1: Manufacturer: syz [ 979.921570][ T5834] usb 3-1: SerialNumber: syz [ 979.929640][ T5834] usb 3-1: config 0 descriptor?? [ 979.939903][ T2097] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12914'. [ 979.997936][ T2097] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12914'. [ 980.184779][T32425] usb 3-1: USB disconnect, device number 121 [ 980.305962][ T5875] em28xx 6-1:0.0: chip ID is em2870 [ 980.321791][ T2113] netlink: 'syz.1.12919': attribute type 11 has an invalid length. [ 980.526483][ T5875] usb 6-1: USB disconnect, device number 92 [ 980.537621][ T5875] em28xx 6-1:0.0: Disconnecting em28xx [ 980.552061][ T5875] em28xx 6-1:0.0: Freeing device [ 980.592684][ T2122] netlink: 'syz.1.12924': attribute type 21 has an invalid length. [ 980.621779][ T2122] netlink: 128 bytes leftover after parsing attributes in process `syz.1.12924'. [ 980.632410][ T2122] netlink: 'syz.1.12924': attribute type 4 has an invalid length. [ 980.640625][ T2122] netlink: 'syz.1.12924': attribute type 5 has an invalid length. [ 980.651194][ T2122] netlink: 3 bytes leftover after parsing attributes in process `syz.1.12924'. [ 981.131125][ T2146] netlink: 52 bytes leftover after parsing attributes in process `syz.5.12935'. [ 981.277305][T32425] usb 3-1: new high-speed USB device number 122 using dummy_hcd [ 981.295761][ T2150] sctp: [Deprecated]: syz.5.12937 (pid 2150) Use of int in max_burst socket option deprecated. [ 981.295761][ T2150] Use struct sctp_assoc_value instead [ 981.439287][T32425] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 981.462330][T32425] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 981.487310][T32425] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 981.496371][T32425] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 981.515119][T32425] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 981.529253][T32425] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 981.539306][T32425] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 981.548344][T32425] usb 3-1: Product: syz [ 981.559484][ T2163] syz.3.12943: attempt to access beyond end of device [ 981.559484][ T2163] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0 [ 981.573846][T32425] usb 3-1: Manufacturer: syz [ 981.581601][ T2163] syz.3.12943: attempt to access beyond end of device [ 981.581601][ T2163] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0 [ 981.596861][T32425] cdc_wdm 3-1:1.0: skipping garbage [ 981.603272][T32425] cdc_wdm 3-1:1.0: skipping garbage [ 981.610526][T32425] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 981.616581][T32425] cdc_wdm 3-1:1.0: Unknown control protocol [ 981.633048][ T2163] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 981.645865][ T2163] syz.3.12943: attempt to access beyond end of device [ 981.645865][ T2163] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0 [ 981.661032][ T2163] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 981.670983][ T2163] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found [ 981.679189][ T2163] UDF-fs: Scanning with blocksize 512 failed [ 981.711040][ T2163] syz.3.12943: attempt to access beyond end of device [ 981.711040][ T2163] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 981.730986][ T2163] syz.3.12943: attempt to access beyond end of device [ 981.730986][ T2163] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 981.744917][ T2163] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 981.756555][ T2163] syz.3.12943: attempt to access beyond end of device [ 981.756555][ T2163] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 981.770185][ T2163] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 981.787260][ T2163] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found [ 981.794934][ T2163] UDF-fs: Scanning with blocksize 1024 failed [ 981.811963][ T5877] usb 3-1: USB disconnect, device number 122 [ 981.822042][ T2163] syz.3.12943: attempt to access beyond end of device [ 981.822042][ T2163] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0 [ 981.842953][ T2163] syz.3.12943: attempt to access beyond end of device [ 981.842953][ T2163] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 981.862353][ T2163] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 981.888357][ T2163] syz.3.12943: attempt to access beyond end of device [ 981.888357][ T2163] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 981.905343][ T2163] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 981.919142][ T2163] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found [ 981.919539][ T2172] tap0: tun_chr_ioctl cmd 2148553947 [ 981.929265][ T2163] UDF-fs: Scanning with blocksize 2048 failed [ 981.945043][ T2163] syz.3.12943: attempt to access beyond end of device [ 981.945043][ T2163] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 981.964628][ T2163] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 981.976356][ T2163] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 981.988758][ T2163] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found [ 981.996395][ T2163] UDF-fs: Scanning with blocksize 4096 failed [ 981.996414][ T2163] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1) [ 982.180332][ T29] kauditd_printk_skb: 82 callbacks suppressed [ 982.180354][ T29] audit: type=1326 audit(2134218564.590:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2179 comm="syz.3.12951" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x0 [ 983.347410][T32425] usb 4-1: new high-speed USB device number 118 using dummy_hcd [ 983.537194][T32425] usb 4-1: Using ep0 maxpacket: 8 [ 983.544300][T32425] usb 4-1: config index 0 descriptor too short (expected 6427, got 27) [ 983.553782][T32425] usb 4-1: config 0 has an invalid interface number: 21 but max is 0 [ 983.576604][T32425] usb 4-1: config 0 has no interface number 0 [ 983.586169][T32425] usb 4-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 983.627247][T32425] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 983.654174][T32425] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 983.678956][T32425] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 983.717618][T32425] usb 4-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0 [ 983.725869][T32425] usb 4-1: Product: syz [ 983.744893][T32425] usb 4-1: Manufacturer: syz [ 983.757838][T32425] usb 4-1: config 0 descriptor?? [ 983.765483][ T2217] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 984.204104][ T2257] sch_tbf: burst 19869 is lower than device lo mtu (65550) ! [ 984.275396][ T2259] sch_tbf: peakrate 7 is lower than or equals to rate 62733 ! [ 984.401378][ T2264] program syz.5.12990 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 984.427292][T32425] usb 4-1: USB disconnect, device number 118 [ 984.923439][ T2288] netlink: 24 bytes leftover after parsing attributes in process `syz.5.13001'. [ 984.948830][ T2288] netlink: 12 bytes leftover after parsing attributes in process `syz.5.13001'. [ 985.362225][ T2304] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 985.556797][ T2308] ptrace attach of "./syz-executor exec"[24257] was attempted by ""[2308] [ 985.603917][ T2310] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13009'. [ 985.771188][ T2312] netlink: 16 bytes leftover after parsing attributes in process `syz.5.13011'. [ 986.168794][ T2333] netlink: 36 bytes leftover after parsing attributes in process `syz.5.13019'. [ 986.200581][ T2333] netlink: 24 bytes leftover after parsing attributes in process `syz.5.13019'. [ 986.917983][ T2358] binder: 2356:2358 ioctl c0306201 20000940 returned -14 [ 987.260259][ T2378] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13036'. [ 987.283575][ T2378] gretap0: left promiscuous mode [ 987.302239][ T2378] netlink: 'syz.5.13036': attribute type 1 has an invalid length. [ 987.318099][ T2378] netlink: 'syz.5.13036': attribute type 2 has an invalid length. [ 987.537572][T29175] usb 4-1: new high-speed USB device number 119 using dummy_hcd [ 987.701739][T29175] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 987.716448][T29175] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 987.731781][T29175] usb 4-1: config 0 descriptor?? [ 987.740781][T29175] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 988.159448][T29175] cpia1 4-1:0.0: unexpected state after lo power cmd: 00 [ 988.569429][T29175] gspca_cpia1: usb_control_msg 02, error -71 [ 988.579111][T29175] cpia1 4-1:0.0: only firmware version 1 is supported (got: 0) [ 988.596367][T29175] usb 4-1: USB disconnect, device number 119 [ 989.089979][ T2454] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13068'. [ 989.111789][ T2454] netlink: 12 bytes leftover after parsing attributes in process `syz.6.13068'. [ 989.167239][ T5875] usb 3-1: new high-speed USB device number 123 using dummy_hcd [ 989.329224][ T5875] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 989.348016][ T5875] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 989.361103][ T5875] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 989.367915][T32425] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 989.371709][ T5875] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 989.390993][ T5875] usb 3-1: SerialNumber: syz [ 989.509312][ T2477] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13076'. [ 989.547850][T32425] usb 2-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 989.562112][T32425] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 989.590681][T32425] usb 2-1: config 0 descriptor?? [ 989.617706][ T5875] usb 3-1: 0:2 : does not exist [ 989.648203][ T5875] usb 3-1: USB disconnect, device number 123 [ 990.116189][ T2501] netlink: 80 bytes leftover after parsing attributes in process `syz.6.13086'. [ 990.428201][T32425] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 990.447813][T32425] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9 [ 990.470077][T32425] asix 2-1:0.0: probe with driver asix failed with error -71 [ 990.495007][T32425] usb 2-1: USB disconnect, device number 108 [ 990.893755][T28337] Bluetooth: hci5: unexpected event for opcode 0x0c7c [ 991.005758][ T2541] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13101'. [ 991.016652][ T2541] bridge_slave_0: entered promiscuous mode [ 991.086073][ T2545] dummy0: Device is already in use. [ 991.305412][ T2560] program syz.1.13107 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 991.828867][ T2588] bridge: RTM_NEWNEIGH with unconfigured vlan 1 on bridge0 [ 992.537161][ T5834] usb 4-1: new high-speed USB device number 120 using dummy_hcd [ 992.703462][ T5834] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 992.716729][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 992.739078][ T2639] program syz.6.13148 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 992.765272][ T5834] usb 4-1: config 0 descriptor?? [ 992.784851][ T5834] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 993.191089][ T5834] cpia1 4-1:0.0: unexpected state after lo power cmd: d0 [ 993.603856][ T5834] gspca_cpia1: usb_control_msg 02, error -71 [ 993.610646][ T5834] gspca_cpia1: usb_control_msg 05, error -71 [ 993.616946][ T5834] cpia1 4-1:0.0: unexpected systemstate: d0 [ 993.629303][ T5834] usb 4-1: USB disconnect, device number 120 [ 994.901496][T28337] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 994.911365][T28337] Bluetooth: hci5: Injecting HCI hardware error event [ 994.925139][ T5130] Bluetooth: hci5: hardware error 0x00 [ 995.050923][ T2740] Falling back ldisc for ttyS3. [ 995.487174][ T5925] usb 6-1: new high-speed USB device number 93 using dummy_hcd [ 995.627231][T29175] usb 3-1: new high-speed USB device number 124 using dummy_hcd [ 995.668331][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 995.680409][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 995.694080][ T5925] usb 6-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 995.713203][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 995.729412][ T5925] usb 6-1: config 0 descriptor?? [ 995.787611][T29175] usb 3-1: Using ep0 maxpacket: 16 [ 995.796695][T29175] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 995.831746][T29175] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 995.847625][T29175] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 152, changing to 11 [ 995.867508][T29175] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 8285, setting to 1024 [ 995.891916][T29175] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 995.920229][T29175] usb 3-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 995.938906][T29175] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 995.947523][T29175] usb 3-1: Product: syz [ 995.951740][T29175] usb 3-1: Manufacturer: syz [ 995.956436][T29175] usb 3-1: SerialNumber: syz [ 995.964289][T29175] usb 3-1: config 0 descriptor?? [ 996.222004][T29175] appledisplay 3-1:0.0: Error while getting initial brightness: -71 [ 996.242314][T29175] appledisplay 3-1:0.0: probe with driver appledisplay failed with error -71 [ 996.269067][T29175] usb 3-1: USB disconnect, device number 124 [ 996.549785][ T5925] hid-led 0003:27B8:01ED.010D: probe with driver hid-led failed with error -71 [ 996.569665][ T5925] usb 6-1: USB disconnect, device number 93 [ 996.977874][ T5130] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 997.764383][ T2852] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13217'. [ 998.127639][T29175] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 998.227034][ T29] audit: type=1326 audit(2134218580.620:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2877 comm="syz.5.13226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b0185d29 code=0x7ffc0000 [ 998.265349][ T29] audit: type=1326 audit(2134218580.620:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2877 comm="syz.5.13226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b0185d29 code=0x7ffc0000 [ 998.289440][ T29] audit: type=1326 audit(2134218580.640:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2877 comm="syz.5.13226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7ff5b0185d29 code=0x7ffc0000 [ 998.311015][ C1] vkms_vblank_simulate: vblank timer overrun [ 998.312401][T29175] usb 2-1: Using ep0 maxpacket: 16 [ 998.345450][T29175] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 998.357980][ T29] audit: type=1326 audit(2134218580.640:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2877 comm="syz.5.13226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b0185d29 code=0x7ffc0000 [ 998.379553][ C1] vkms_vblank_simulate: vblank timer overrun [ 998.386142][T29175] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 998.427492][T29175] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 998.437795][ T29] audit: type=1326 audit(2134218580.640:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2877 comm="syz.5.13226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b0185d29 code=0x7ffc0000 [ 998.459454][ C1] vkms_vblank_simulate: vblank timer overrun [ 998.467257][T29175] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 998.508757][T29175] usb 2-1: config 0 descriptor?? [ 998.524460][ T29] audit: type=1326 audit(2134218580.640:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2877 comm="syz.5.13226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff5b0185d29 code=0x7ffc0000 [ 998.546058][ C1] vkms_vblank_simulate: vblank timer overrun [ 998.584837][ T29] audit: type=1326 audit(2134218580.640:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2877 comm="syz.5.13226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b0185d29 code=0x7ffc0000 [ 998.632665][ T29] audit: type=1326 audit(2134218580.640:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2877 comm="syz.5.13226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b0185d29 code=0x7ffc0000 [ 998.687234][ T29] audit: type=1326 audit(2134218580.640:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2877 comm="syz.5.13226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=316 compat=0 ip=0x7ff5b0185d29 code=0x7ffc0000 [ 998.722921][ T2897] sctp: [Deprecated]: syz.6.13233 (pid 2897) Use of struct sctp_assoc_value in delayed_ack socket option. [ 998.722921][ T2897] Use struct sctp_sack_info instead [ 998.751207][ T29] audit: type=1326 audit(2134218580.640:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=2877 comm="syz.5.13226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b0185d29 code=0x7ffc0000 [ 998.967729][T29175] elan 0003:04F3:0755.010E: unknown main item tag 0x3 [ 998.979713][T29175] elan 0003:04F3:0755.010E: hidraw0: USB HID v0.00 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0 [ 999.228197][T29175] usb 2-1: USB disconnect, device number 109 [ 1000.841371][ T2976] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13268'. [ 1000.851464][ T2976] netlink: 20 bytes leftover after parsing attributes in process `syz.3.13268'. [ 1001.076710][ T2988] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13274'. [ 1001.695381][ T3011] netlink: 'syz.2.13284': attribute type 1 has an invalid length. [ 1002.244423][ T3037] can0: slcan on ttyS3. [ 1002.377676][ T3037] can0 (unregistered): slcan off ttyS3. [ 1002.383531][ T3037] Falling back ldisc for ttyS3. [ 1002.542626][ T3050] mac80211_hwsim hwsim10 wlan1: entered promiscuous mode [ 1002.593508][ T3050] mac80211_hwsim hwsim10 wlan1: left promiscuous mode [ 1003.393959][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 1003.393982][ T29] audit: type=1326 audit(2134218585.800:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3079 comm="syz.5.13316" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff5b0185d29 code=0x0 [ 1003.720452][ T3090] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 1004.583596][ T29] audit: type=1326 audit(2134218586.990:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3123 comm="syz.5.13332" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff5b0185d29 code=0x0 [ 1005.157286][ T5925] usb 3-1: new high-speed USB device number 125 using dummy_hcd [ 1005.337806][ T5925] usb 3-1: Using ep0 maxpacket: 16 [ 1005.346078][ T5925] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 1005.360248][ T5925] usb 3-1: config 0 has no interface number 0 [ 1005.366514][ T5925] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1005.383343][ T5925] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1005.411986][ T5925] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 1005.423588][ T5925] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 1005.453171][ T5925] usb 3-1: Product: syz [ 1005.467237][ T5925] usb 3-1: SerialNumber: syz [ 1005.484664][ T5925] usb 3-1: config 0 descriptor?? [ 1005.526588][ T5925] cm109 3-1:0.8: invalid payload size 0, expected 4 [ 1005.534939][ T5925] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input172 [ 1005.589231][ T3172] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1005.627705][ T3172] bond0: (slave rose0): Enslaving as an active interface with an up link [ 1005.892557][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1005.901569][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1005.908962][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1005.916300][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1005.924050][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1005.931347][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1005.938660][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1005.945858][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1005.953631][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1005.960976][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1005.968332][ T5925] usb 3-1: USB disconnect, device number 125 [ 1005.968442][ C1] cm109 3-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 1005.969278][ T5925] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 1006.033534][ T3187] ax25_connect(): syz.1.13357 uses autobind, please contact jreuter@yaina.de [ 1006.246052][ T3199] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1006.382684][ T3206] ax25_connect(): syz.5.13367 uses autobind, please contact jreuter@yaina.de [ 1006.989534][ T3235] sctp: [Deprecated]: syz.2.13381 (pid 3235) Use of int in maxseg socket option. [ 1006.989534][ T3235] Use struct sctp_assoc_value instead [ 1008.909416][ T3331] bond0: (slave bond2): Error -95 calling ndo_bpf [ 1008.929408][ T3331] netlink: 'syz.3.13420': attribute type 10 has an invalid length. [ 1009.848023][T29175] usb 4-1: new high-speed USB device number 121 using dummy_hcd [ 1010.011722][T29175] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1010.029331][T29175] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1010.044059][T29175] usb 4-1: config 0 descriptor?? [ 1010.063732][T29175] cp210x 4-1:0.0: cp210x converter detected [ 1010.497813][T29175] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1010.514179][T29175] usb 4-1: cp210x converter now attached to ttyUSB0 [ 1010.721397][ T5834] usb 4-1: USB disconnect, device number 121 [ 1010.731686][ T5834] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1010.785908][ T5834] cp210x 4-1:0.0: device disconnected [ 1010.792358][ T5875] usb 3-1: new high-speed USB device number 126 using dummy_hcd [ 1010.917243][T32425] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 1010.956109][ T5875] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1010.970534][ T5875] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1010.981836][ T5875] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1011.003092][ T5875] usb 3-1: config 0 descriptor?? [ 1011.015652][ T5875] pwc: Askey VC010 type 2 USB webcam detected. [ 1011.108867][T32425] usb 2-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 1011.118863][T32425] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1011.136156][T32425] usb 2-1: config 0 descriptor?? [ 1011.145873][T32425] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input173 [ 1011.402592][T29175] usb 2-1: USB disconnect, device number 110 [ 1011.439106][ T5875] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1011.593889][ T3402] netlink: 8 bytes leftover after parsing attributes in process `syz.6.13449'. [ 1011.604844][ T3402] bridge_slAve_0: renamed from lo (while UP) [ 1011.683368][ T5875] pwc: recv_control_msg error -71 req 02 val 2c00 [ 1011.691594][ T5875] pwc: recv_control_msg error -71 req 04 val 1000 [ 1011.704615][ T5875] pwc: recv_control_msg error -71 req 04 val 1300 [ 1011.714682][ T5875] pwc: recv_control_msg error -71 req 04 val 1400 [ 1011.733103][ T5875] pwc: recv_control_msg error -71 req 02 val 2000 [ 1011.750530][ T5875] pwc: recv_control_msg error -71 req 02 val 2100 [ 1011.768376][ T5875] pwc: recv_control_msg error -71 req 04 val 1500 [ 1011.777806][ T5875] pwc: recv_control_msg error -71 req 02 val 2500 [ 1011.789702][ T5875] pwc: recv_control_msg error -71 req 02 val 2400 [ 1011.804709][ T5875] pwc: recv_control_msg error -71 req 02 val 2600 [ 1011.835945][ T5875] pwc: recv_control_msg error -71 req 02 val 2900 [ 1011.844160][ T5875] pwc: recv_control_msg error -71 req 02 val 2800 [ 1011.856763][ T5875] pwc: recv_control_msg error -71 req 04 val 1100 [ 1011.873336][ T5875] pwc: recv_control_msg error -71 req 04 val 1200 [ 1011.883424][ T5875] pwc: Registered as video103. [ 1011.890249][ T5875] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input174 [ 1011.910847][ T5875] usb 3-1: USB disconnect, device number 126 [ 1013.117301][T32425] usb 4-1: new high-speed USB device number 122 using dummy_hcd [ 1013.236010][ T3485] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13484'. [ 1013.279024][T32425] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 1013.293497][T32425] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1013.323778][T32425] usb 4-1: config 0 descriptor?? [ 1014.427707][T32425] ath6kl: Failed to submit usb control message: -110 [ 1014.436650][T32425] ath6kl: unable to send the bmi data to the device: -110 [ 1014.460934][T32425] ath6kl: Unable to send get target info: -110 [ 1014.527851][T32425] ath6kl: Failed to init ath6kl core: -110 [ 1014.534829][T32425] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 1014.595412][ T5834] usb 4-1: USB disconnect, device number 122 [ 1015.497785][T32425] usb 2-1: new full-speed USB device number 111 using dummy_hcd [ 1015.660927][T32425] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1015.685928][T32425] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1015.748747][T32425] usb 2-1: config 0 descriptor?? [ 1015.891728][ T3567] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13519'. [ 1016.023310][T32425] [drm] vendor descriptor length:c3 data:07 22 c3 68 3a 01 46 00 00 00 00 [ 1016.077433][T32425] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 1016.232434][T32425] [drm:udl_init] *ERROR* Selecting channel failed [ 1016.253935][T32425] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 1016.280348][T32425] [drm] Initialized udl on minor 2 [ 1016.300002][T32425] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1016.317849][T32425] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 1016.325268][ T5925] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1016.340282][ T5925] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 1016.350606][T32425] usb 2-1: USB disconnect, device number 111 [ 1016.527208][ T5877] usb 6-1: new full-speed USB device number 94 using dummy_hcd [ 1016.682638][ T5877] usb 6-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 1016.692244][ T5877] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1016.721571][ T5877] usb 6-1: Product: syz [ 1016.731690][ T5877] usb 6-1: Manufacturer: syz [ 1016.736373][ T5877] usb 6-1: SerialNumber: syz [ 1017.060899][ T5877] usb 6-1: config 0 descriptor?? [ 1017.295660][ T5877] peak_usb 6-1:0.0: PEAK-System PCAN-USB FD v0 fw v0.0.0 (1 channels) [ 1017.446727][ T3628] netlink: 36 bytes leftover after parsing attributes in process `syz.3.13549'. [ 1017.502688][ T5877] peak_usb 6-1:0.0 can0: sending command failure: -22 [ 1017.513483][ T5877] peak_usb 6-1:0.0 can0: sending command failure: -22 [ 1017.527273][ T5877] peak_usb 6-1:0.0 can0: sending command failure: -22 [ 1017.618202][ T5877] peak_usb 6-1:0.0: probe with driver peak_usb failed with error -22 [ 1017.706222][T32425] usb 6-1: USB disconnect, device number 94 [ 1017.807802][ T5875] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 1017.817632][ T5834] usb 4-1: new high-speed USB device number 123 using dummy_hcd [ 1017.908060][ T5877] usb 3-1: new high-speed USB device number 127 using dummy_hcd [ 1017.958138][ T5875] usb 2-1: Using ep0 maxpacket: 32 [ 1017.968182][ T5875] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1017.977654][ T5875] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1017.988698][ T5875] usb 2-1: config 0 descriptor?? [ 1017.993943][ T5834] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1018.004615][ T5834] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1018.015816][ T5875] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1018.024660][ T5834] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1018.034635][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1018.043377][ T5834] usb 4-1: SerialNumber: syz [ 1018.069606][ T5877] usb 3-1: config 0 has no interfaces? [ 1018.079137][ T5877] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 1018.089147][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1018.103180][ T5877] usb 3-1: config 0 descriptor?? [ 1018.265638][ T5834] usb 4-1: 0:2 : does not exist [ 1018.285330][ T3636] netlink: 'syz.5.13553': attribute type 21 has an invalid length. [ 1018.293462][ T5834] usb 4-1: USB disconnect, device number 123 [ 1018.300437][ T3636] netlink: 128 bytes leftover after parsing attributes in process `syz.5.13553'. [ 1018.311871][ T3636] netlink: 'syz.5.13553': attribute type 4 has an invalid length. [ 1018.320220][ T3636] netlink: 'syz.5.13553': attribute type 5 has an invalid length. [ 1018.329632][ T3636] netlink: 3 bytes leftover after parsing attributes in process `syz.5.13553'. [ 1018.349348][ T5877] usb 3-1: USB disconnect, device number 127 [ 1018.825375][ T5875] gspca_nw80x: reg_r err -71 [ 1018.831174][ T5875] nw80x 2-1:0.0: probe with driver nw80x failed with error -71 [ 1018.841382][ T5875] usb 2-1: USB disconnect, device number 112 [ 1019.978870][ T3680] netpci0: tun_chr_ioctl cmd 1074025677 [ 1019.990411][ T3680] netpci0: linktype set to 65534 [ 1022.553298][ T3786] netlink: 'syz.1.13614': attribute type 1 has an invalid length. [ 1023.385132][ T3820] netlink: 44 bytes leftover after parsing attributes in process `syz.1.13629'. [ 1023.489869][ T3822] netlink: 40 bytes leftover after parsing attributes in process `syz.3.13632'. [ 1024.004026][ T3841] team0: Device is already in use. [ 1024.036696][ T3844] netlink: 48 bytes leftover after parsing attributes in process `syz.3.13642'. [ 1024.053252][ T3844] pim6reg1: entered allmulticast mode [ 1024.198600][ T3853] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1024.388079][T32425] usb 6-1: new high-speed USB device number 95 using dummy_hcd [ 1024.416766][ T3859] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13651'. [ 1024.429758][ T3859] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13651'. [ 1024.549726][T32425] usb 6-1: Using ep0 maxpacket: 32 [ 1024.558225][T32425] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1024.626185][T32425] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1024.636818][T32425] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1024.650806][T32425] usb 6-1: Product: syz [ 1024.655058][T32425] usb 6-1: Manufacturer: syz [ 1024.661918][T32425] usb 6-1: SerialNumber: syz [ 1024.674902][T32425] usb 6-1: config 0 descriptor?? [ 1025.098501][T32425] gs_usb 6-1:0.0: Configuring for 1 interfaces [ 1025.142003][ T3880] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1025.149690][ T3880] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1025.515921][T32425] gs_usb 6-1:0.0: Disabling termination support for channel 0 (-EPROTO) [ 1025.537254][T32425] usb 6-1: USB disconnect, device number 95 [ 1025.730732][ T3896] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13667'. [ 1026.050125][ T29] audit: type=1326 audit(2134218608.460:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3907 comm="syz.3.13672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 1026.139665][ T29] audit: type=1326 audit(2134218608.460:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3907 comm="syz.3.13672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 1026.182897][ T3898] ================================================================== [ 1026.191043][ T3898] BUG: KASAN: slab-use-after-free in isolate_migratepages_block+0x21d6/0x45e0 [ 1026.200124][ T3898] Read of size 8 at addr ffff8880255b59b0 by task syz.2.13668/3898 [ 1026.208058][ T3898] [ 1026.210413][ T3898] CPU: 0 UID: 0 PID: 3898 Comm: syz.2.13668 Not tainted 6.13.0-rc4-syzkaller #0 [ 1026.219472][ T3898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1026.229559][ T3898] Call Trace: [ 1026.232876][ T3898] [ 1026.235840][ T3898] dump_stack_lvl+0x241/0x360 [ 1026.240570][ T3898] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1026.245860][ T3898] ? __pfx__printk+0x10/0x10 [ 1026.250627][ T3898] ? _printk+0xd5/0x120 [ 1026.254894][ T3898] ? __virt_addr_valid+0x183/0x530 [ 1026.260044][ T3898] ? __virt_addr_valid+0x183/0x530 [ 1026.265209][ T3898] print_report+0x169/0x550 [ 1026.269834][ T3898] ? __virt_addr_valid+0x183/0x530 [ 1026.275004][ T3898] ? __virt_addr_valid+0x183/0x530 [ 1026.280330][ T3898] ? __virt_addr_valid+0x45f/0x530 [ 1026.285478][ T3898] ? __phys_addr+0xba/0x170 [ 1026.290278][ T3898] ? isolate_migratepages_block+0x21d6/0x45e0 [ 1026.296488][ T3898] kasan_report+0x143/0x180 [ 1026.301042][ T3898] ? isolate_migratepages_block+0x21d6/0x45e0 [ 1026.307154][ T3898] kasan_check_range+0x282/0x290 [ 1026.312140][ T3898] isolate_migratepages_block+0x21d6/0x45e0 [ 1026.318083][ T3898] ? isolate_migratepages_block+0x22b1/0x45e0 [ 1026.324297][ T3898] ? __pfx_isolate_migratepages_block+0x10/0x10 [ 1026.328338][ T29] audit: type=1326 audit(2134218608.460:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3907 comm="syz.3.13672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 1026.330571][ T3898] ? __pageblock_pfn_to_page+0xd3/0x3c0 [ 1026.352711][ T29] audit: type=1326 audit(2134218608.460:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3907 comm="syz.3.13672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 1026.357717][ T3898] ? __pageblock_pfn_to_page+0xd3/0x3c0 [ 1026.357756][ T3898] compact_zone+0x32e6/0x4ac0 [ 1026.357818][ T3898] ? __pfx_compact_zone+0x10/0x10 [ 1026.391860][ T29] audit: type=1326 audit(2134218608.460:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3907 comm="syz.3.13672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff276585d29 code=0x7ffc0000 [ 1026.394544][ T3898] ? __lock_acquire+0x1397/0x2100 [ 1026.394589][ T3898] sysctl_compaction_handler+0x496/0x990 [ 1026.426882][ T3898] ? __pfx_sysctl_compaction_handler+0x10/0x10 [ 1026.433125][ T3898] ? __virt_addr_valid+0x183/0x530 [ 1026.438283][ T3898] ? __virt_addr_valid+0x183/0x530 [ 1026.443443][ T3898] ? __virt_addr_valid+0x45f/0x530 [ 1026.448600][ T3898] ? __phys_addr_symbol+0x2f/0x70 [ 1026.453670][ T3898] ? __check_object_size+0x47a/0x730 [ 1026.459013][ T3898] ? __pfx_sysctl_compaction_handler+0x10/0x10 [ 1026.465222][ T3898] proc_sys_call_handler+0x5ec/0x920 [ 1026.470633][ T3898] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1026.476451][ T3898] iter_file_splice_write+0xbfa/0x1510 [ 1026.481938][ T3898] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1026.487885][ T3898] ? rcu_read_lock_any_held+0xb7/0x160 [ 1026.493356][ T3898] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1026.499258][ T3898] direct_splice_actor+0x11b/0x220 [ 1026.504393][ T3898] splice_direct_to_actor+0x586/0xc80 [ 1026.509780][ T3898] ? __pfx_direct_splice_actor+0x10/0x10 [ 1026.515441][ T3898] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1026.521344][ T3898] ? __fget_files+0x2a/0x410 [ 1026.525934][ T3898] ? __pfx_lock_release+0x10/0x10 [ 1026.530971][ T3898] do_splice_direct+0x289/0x3e0 [ 1026.535829][ T3898] ? __pfx_do_splice_direct+0x10/0x10 [ 1026.541215][ T3898] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1026.547119][ T3898] ? rw_verify_area+0x1c3/0x6f0 [ 1026.551976][ T3898] do_sendfile+0x564/0x8a0 [ 1026.556394][ T3898] ? __pfx_do_sendfile+0x10/0x10 [ 1026.561331][ T3898] ? __might_fault+0xc6/0x120 [ 1026.566015][ T3898] __se_sys_sendfile64+0x100/0x1e0 [ 1026.571164][ T3898] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 1026.576805][ T3898] ? do_syscall_64+0x100/0x230 [ 1026.581579][ T3898] ? do_syscall_64+0xb6/0x230 [ 1026.586262][ T3898] do_syscall_64+0xf3/0x230 [ 1026.590780][ T3898] ? clear_bhb_loop+0x35/0x90 [ 1026.595456][ T3898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1026.601354][ T3898] RIP: 0033:0x7f8bdbb85d29 [ 1026.605831][ T3898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1026.625466][ T3898] RSP: 002b:00007f8bdc90b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1026.633886][ T3898] RAX: ffffffffffffffda RBX: 00007f8bdbd75fa0 RCX: 00007f8bdbb85d29 [ 1026.641917][ T3898] RDX: 00000000200000c0 RSI: 0000000000000003 RDI: 0000000000000004 [ 1026.650018][ T3898] RBP: 00007f8bdbc01aa8 R08: 0000000000000000 R09: 0000000000000000 [ 1026.658104][ T3898] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000 [ 1026.666085][ T3898] R13: 0000000000000000 R14: 00007f8bdbd75fa0 R15: 00007ffd893a66b8 [ 1026.674096][ T3898] [ 1026.677133][ T3898] [ 1026.679474][ T3898] Allocated by task 27: [ 1026.683630][ T3898] kasan_save_track+0x3f/0x80 [ 1026.688323][ T3898] __kasan_slab_alloc+0x66/0x80 [ 1026.693186][ T3898] kmem_cache_alloc_lru_noprof+0x1dd/0x390 [ 1026.699019][ T3898] shmem_alloc_inode+0x28/0x40 [ 1026.703816][ T3898] alloc_inode+0x65/0x1a0 [ 1026.708164][ T3898] new_inode+0x22/0x1d0 [ 1026.712333][ T3898] shmem_get_inode+0x39d/0xf20 [ 1026.717139][ T3898] shmem_mknod+0x191/0x3d0 [ 1026.721641][ T3898] vfs_mknod+0x36d/0x3b0 [ 1026.725887][ T3898] devtmpfs_work_loop+0x963/0x1040 [ 1026.731101][ T3898] devtmpfsd+0x4c/0x50 [ 1026.735169][ T3898] kthread+0x2f0/0x390 [ 1026.739235][ T3898] ret_from_fork+0x4b/0x80 [ 1026.743648][ T3898] ret_from_fork_asm+0x1a/0x30 [ 1026.748418][ T3898] [ 1026.750751][ T3898] Freed by task 24: [ 1026.754565][ T3898] kasan_save_track+0x3f/0x80 [ 1026.759305][ T3898] kasan_save_free_info+0x40/0x50 [ 1026.764363][ T3898] __kasan_slab_free+0x59/0x70 [ 1026.769146][ T3898] kmem_cache_free+0x195/0x410 [ 1026.773928][ T3898] rcu_core+0xaaa/0x17a0 [ 1026.778192][ T3898] handle_softirqs+0x2d4/0x9b0 [ 1026.782970][ T3898] run_ksoftirqd+0xca/0x130 [ 1026.787486][ T3898] smpboot_thread_fn+0x544/0xa30 [ 1026.792441][ T3898] kthread+0x2f0/0x390 [ 1026.796517][ T3898] ret_from_fork+0x4b/0x80 [ 1026.800955][ T3898] ret_from_fork_asm+0x1a/0x30 [ 1026.805728][ T3898] [ 1026.808102][ T3898] Last potentially related work creation: [ 1026.813854][ T3898] kasan_save_stack+0x3f/0x60 [ 1026.818546][ T3898] __kasan_record_aux_stack+0xac/0xc0 [ 1026.823921][ T3898] call_rcu+0x167/0xa70 [ 1026.828112][ T3898] evict+0x836/0x9a0 [ 1026.832010][ T3898] do_unlinkat+0x512/0x830 [ 1026.836426][ T3898] __x64_sys_unlink+0x47/0x50 [ 1026.841116][ T3898] do_syscall_64+0xf3/0x230 [ 1026.845624][ T3898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1026.851536][ T3898] [ 1026.853859][ T3898] The buggy address belongs to the object at ffff8880255b54e8 [ 1026.853859][ T3898] which belongs to the cache shmem_inode_cache of size 1544 [ 1026.868627][ T3898] The buggy address is located 1224 bytes inside of [ 1026.868627][ T3898] freed 1544-byte region [ffff8880255b54e8, ffff8880255b5af0) [ 1026.882607][ T3898] [ 1026.884932][ T3898] The buggy address belongs to the physical page: [ 1026.891345][ T3898] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880255b61f8 pfn:0x255b0 [ 1026.901406][ T3898] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1026.909903][ T3898] memcg:ffff8880342d9c01 [ 1026.914137][ T3898] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 1026.922630][ T3898] page_type: f5(slab) [ 1026.926615][ T3898] raw: 00fff00000000240 ffff888140a8e3c0 ffffea0001f24010 ffffea0001e7f810 [ 1026.935224][ T3898] raw: ffff8880255b61f8 0000000000130011 00000001f5000000 ffff8880342d9c01 [ 1026.943914][ T3898] head: 00fff00000000240 ffff888140a8e3c0 ffffea0001f24010 ffffea0001e7f810 [ 1026.952584][ T3898] head: ffff8880255b61f8 0000000000130011 00000001f5000000 ffff8880342d9c01 [ 1026.961267][ T3898] head: 00fff00000000003 ffffea0000956c01 ffffffffffffffff 0000000000000000 [ 1026.969932][ T3898] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 1026.978699][ T3898] page dumped because: kasan: bad access detected [ 1026.985117][ T3898] page_owner tracks the page as allocated [ 1026.990828][ T3898] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 27, tgid 27 (kdevtmpfs), ts 9545540527, free_ts 0 [ 1027.010650][ T3898] post_alloc_hook+0x1f3/0x230 [ 1027.015417][ T3898] get_page_from_freelist+0x3651/0x37a0 [ 1027.020966][ T3898] __alloc_pages_noprof+0x292/0x710 [ 1027.026165][ T3898] alloc_pages_mpol_noprof+0x3e8/0x680 [ 1027.031629][ T3898] alloc_slab_page+0x6a/0x110 [ 1027.036328][ T3898] allocate_slab+0x5a/0x2b0 [ 1027.040844][ T3898] ___slab_alloc+0xc27/0x14a0 [ 1027.045703][ T3898] __slab_alloc+0x58/0xa0 [ 1027.050038][ T3898] kmem_cache_alloc_lru_noprof+0x26c/0x390 [ 1027.055934][ T3898] shmem_alloc_inode+0x28/0x40 [ 1027.060702][ T3898] alloc_inode+0x65/0x1a0 [ 1027.065029][ T3898] new_inode+0x22/0x1d0 [ 1027.069194][ T3898] shmem_get_inode+0x39d/0xf20 [ 1027.073959][ T3898] shmem_mknod+0x191/0x3d0 [ 1027.078463][ T3898] vfs_mknod+0x36d/0x3b0 [ 1027.082711][ T3898] devtmpfs_work_loop+0x963/0x1040 [ 1027.087820][ T3898] page_owner free stack trace missing [ 1027.093196][ T3898] [ 1027.095514][ T3898] Memory state around the buggy address: [ 1027.101136][ T3898] ffff8880255b5880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1027.109195][ T3898] ffff8880255b5900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1027.117253][ T3898] >ffff8880255b5980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1027.125325][ T3898] ^ [ 1027.131037][ T3898] ffff8880255b5a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1027.139126][ T3898] ffff8880255b5a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 1027.147183][ T3898] ================================================================== [ 1027.155268][ T3898] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1027.162466][ T3898] CPU: 0 UID: 0 PID: 3898 Comm: syz.2.13668 Not tainted 6.13.0-rc4-syzkaller #0 [ 1027.171505][ T3898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1027.181564][ T3898] Call Trace: [ 1027.184867][ T3898] [ 1027.187841][ T3898] dump_stack_lvl+0x241/0x360 [ 1027.192548][ T3898] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1027.197759][ T3898] ? __pfx__printk+0x10/0x10 [ 1027.202378][ T3898] ? rcu_is_watching+0x15/0xb0 [ 1027.207151][ T3898] ? lock_release+0xbf/0xa30 [ 1027.211833][ T3898] ? vscnprintf+0x5d/0x90 [ 1027.216173][ T3898] panic+0x349/0x880 [ 1027.220074][ T3898] ? check_panic_on_warn+0x21/0xb0 [ 1027.225188][ T3898] ? __pfx_panic+0x10/0x10 [ 1027.229607][ T3898] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1027.234818][ T3898] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1027.240731][ T3898] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1027.247064][ T3898] ? print_report+0x502/0x550 [ 1027.251771][ T3898] check_panic_on_warn+0x86/0xb0 [ 1027.256720][ T3898] ? isolate_migratepages_block+0x21d6/0x45e0 [ 1027.262793][ T3898] end_report+0x77/0x160 [ 1027.267043][ T3898] kasan_report+0x154/0x180 [ 1027.271573][ T3898] ? isolate_migratepages_block+0x21d6/0x45e0 [ 1027.277649][ T3898] kasan_check_range+0x282/0x290 [ 1027.282605][ T3898] isolate_migratepages_block+0x21d6/0x45e0 [ 1027.288511][ T3898] ? isolate_migratepages_block+0x22b1/0x45e0 [ 1027.294599][ T3898] ? __pfx_isolate_migratepages_block+0x10/0x10 [ 1027.300872][ T3898] ? __pageblock_pfn_to_page+0xd3/0x3c0 [ 1027.306423][ T3898] ? __pageblock_pfn_to_page+0xd3/0x3c0 [ 1027.311978][ T3898] compact_zone+0x32e6/0x4ac0 [ 1027.316691][ T3898] ? __pfx_compact_zone+0x10/0x10 [ 1027.321725][ T3898] ? __lock_acquire+0x1397/0x2100 [ 1027.326756][ T3898] sysctl_compaction_handler+0x496/0x990 [ 1027.332403][ T3898] ? __pfx_sysctl_compaction_handler+0x10/0x10 [ 1027.338585][ T3898] ? __virt_addr_valid+0x183/0x530 [ 1027.343698][ T3898] ? __virt_addr_valid+0x183/0x530 [ 1027.348809][ T3898] ? __virt_addr_valid+0x45f/0x530 [ 1027.353938][ T3898] ? __phys_addr_symbol+0x2f/0x70 [ 1027.358965][ T3898] ? __check_object_size+0x47a/0x730 [ 1027.364346][ T3898] ? __pfx_sysctl_compaction_handler+0x10/0x10 [ 1027.370513][ T3898] proc_sys_call_handler+0x5ec/0x920 [ 1027.375803][ T3898] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1027.381614][ T3898] iter_file_splice_write+0xbfa/0x1510 [ 1027.387112][ T3898] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1027.393368][ T3898] ? rcu_read_lock_any_held+0xb7/0x160 [ 1027.398924][ T3898] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1027.404824][ T3898] direct_splice_actor+0x11b/0x220 [ 1027.409950][ T3898] splice_direct_to_actor+0x586/0xc80 [ 1027.415336][ T3898] ? __pfx_direct_splice_actor+0x10/0x10 [ 1027.420979][ T3898] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1027.426887][ T3898] ? __fget_files+0x2a/0x410 [ 1027.431475][ T3898] ? __pfx_lock_release+0x10/0x10 [ 1027.436511][ T3898] do_splice_direct+0x289/0x3e0 [ 1027.441377][ T3898] ? __pfx_do_splice_direct+0x10/0x10 [ 1027.446754][ T3898] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1027.452659][ T3898] ? rw_verify_area+0x1c3/0x6f0 [ 1027.457515][ T3898] do_sendfile+0x564/0x8a0 [ 1027.461934][ T3898] ? __pfx_do_sendfile+0x10/0x10 [ 1027.466875][ T3898] ? __might_fault+0xc6/0x120 [ 1027.471557][ T3898] __se_sys_sendfile64+0x100/0x1e0 [ 1027.476676][ T3898] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 1027.482333][ T3898] ? do_syscall_64+0x100/0x230 [ 1027.487108][ T3898] ? do_syscall_64+0xb6/0x230 [ 1027.491795][ T3898] do_syscall_64+0xf3/0x230 [ 1027.496310][ T3898] ? clear_bhb_loop+0x35/0x90 [ 1027.500990][ T3898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1027.506897][ T3898] RIP: 0033:0x7f8bdbb85d29 [ 1027.511313][ T3898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1027.531197][ T3898] RSP: 002b:00007f8bdc90b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1027.539626][ T3898] RAX: ffffffffffffffda RBX: 00007f8bdbd75fa0 RCX: 00007f8bdbb85d29 [ 1027.547794][ T3898] RDX: 00000000200000c0 RSI: 0000000000000003 RDI: 0000000000000004 [ 1027.555782][ T3898] RBP: 00007f8bdbc01aa8 R08: 0000000000000000 R09: 0000000000000000 [ 1027.563758][ T3898] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000 [ 1027.571762][ T3898] R13: 0000000000000000 R14: 00007f8bdbd75fa0 R15: 00007ffd893a66b8 [ 1027.579776][ T3898] [ 1028.684691][ T3898] Shutting down cpus with NMI [ 1028.689580][ T3898] Kernel Offset: disabled [ 1028.693919][ T3898] Rebooting in 86400 seconds..